Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1538503
MD5: bb04cff8abab3f05ba86bc1a5952a3f6
SHA1: 7c4d94b135a1c55d2aa2dfe096785784a03b294f
SHA256: 8919f21c631289a002bceb7932ddca28d2990acbcf9d5723e208beeefedcaa03
Tags: CredentialFlusher, exe, user-Bitsight
Infos:

Detection

Credential Flusher
Score: 72
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected Credential Flusher
AI detected suspicious sample
Binary is likely a compiled AutoIt script file
Found API chain indicative of sandbox detection
Machine Learning detection for sample
Connects to many different domains
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
OS version to string mapping found (often used in BOTs)
PE file contains sections with non-standard names
Potential key logger detected (key state polling based)
Sample execution stops while process was sleeping (likely an evasion)
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Uses taskkill to terminate processes

Classification

  • System is w10x64
  • file.exe (PID: 6520 cmdline: "C:\Users\user\Desktop\file.exe" MD5: BB04CFF8ABAB3F05BA86BC1A5952A3F6)
    • taskkill.exe (PID: 6688 cmdline: taskkill /F /IM firefox.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 6716 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 5276 cmdline: taskkill /F /IM chrome.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 3508 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 4120 cmdline: taskkill /F /IM msedge.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 4608 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 6132 cmdline: taskkill /F /IM opera.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 4140 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 7160 cmdline: taskkill /F /IM brave.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 4404 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • firefox.exe (PID: 3416 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • firefox.exe (PID: 2060 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
    • firefox.exe (PID: 280 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 5864 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2304 -parentBuildID 20230927232528 -prefsHandle 2240 -prefMapHandle 2232 -prefsLen 25302 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {48684b58-915c-4ad7-bbb8-94f929a0fef9} 280 "\\.\pipe\gecko-crash-server-pipe.280" 1495a26f510 socket MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 6100 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4184 -parentBuildID 20230927232528 -prefsHandle 4192 -prefMapHandle 4188 -prefsLen 26151 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6098ac67-e0e7-4c6a-ac33-3955c5abdea3} 280 "\\.\pipe\gecko-crash-server-pipe.280" 14967079410 rdd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 5468 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4944 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 4936 -prefMapHandle 4932 -prefsLen 33128 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6959f03c-51e1-44f4-ba96-6fd74e49b085} 280 "\\.\pipe\gecko-crash-server-pipe.280" 1496c511310 utility MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000000.00000003.2841065890.000000000186F000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialFlusher | Yara detected Credential Flusher | Joe Security |
Process Memory Space: file.exe PID: 6520 | JoeSecurity_CredentialFlusher | Yara detected Credential Flusher | Joe Security |
No Sigma rule has matched
No Suricata rule has matched

      AV Detection

      Source: file.exe, ReversingLabs: Detection: 27%
      Source: Submitted Sample, Integrated Neural Analysis Model: Matched 97.3% probability
      Source: file.exe, Joe Sandbox ML: detected
      Source: file.exe, Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
      Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.12:49730 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.12:49731 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.12:49737 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.12:49746 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.12:49751 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.12:49752 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.12:49754 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.12:49755 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.12:49757 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.12:49756 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.12:49760 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.12:49764 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.12:49765 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 52.222.236.120:443 -> 192.168.2.12:49766 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.12:49769 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.12:49770 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.12:49772 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.12:49771 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.115.139:443 -> 192.168.2.12:63148 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.12:63155 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.12:63156 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.12:63152 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.12:63157 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.12:63154 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.12:63153 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.12:63158 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.12:63159 version: TLS 1.2
      Source: Binary string: winhttp.pdbC:\WINDOWS\FONTS\SEGOEUIB.TTF source: firefox.exe, 0000000E.00000003.2998284005.0000014972576000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: UMPDC.pdb source: firefox.exe, 0000000E.00000003.2983277679.000001496D8F2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.3006234349.000001496D8F2000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: wininet.pdb source: firefox.exe, 0000000E.00000003.2998284005.0000014972576000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: rsaenh.pdb source: firefox.exe, 0000000E.00000003.2998284005.0000014972576000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: winsta.pdb source: firefox.exe, 0000000E.00000003.2988329803.000001496C957000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: freebl3.pdbP4 source: firefox.exe, 0000000E.00000003.3020729247.0000014972457000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2998460909.0000014972457000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: WscApi.pdb source: firefox.exe, 0000000E.00000003.3006733623.000001496D86A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2983507951.000001496D687000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.3006869940.000001496D687000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: ktmw32.pdb source: firefox.exe, 0000000E.00000003.3013986898.00000149699FE000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: pnrpnsp.pdb source: firefox.exe, 0000000E.00000003.3011944416.000001496C3AE000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: wshbth.pdb source: firefox.exe, 0000000E.00000003.3011944416.000001496C3AE000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: NapiNSP.pdb source: firefox.exe, 0000000E.00000003.3018915913.0000014969A63000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.3012212786.000001496C399000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: webauthn.pdbGCTL source: firefox.exe, 0000000E.00000003.3022696142.000001496DF03000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: nssckbi.pdb source: firefox.exe, 0000000E.00000003.2998284005.0000014972576000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: winnsi.pdb source: firefox.exe, 0000000E.00000003.3011944416.000001496C3DC000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: dcomp.pdb source: firefox.exe, 0000000E.00000003.3007882535.000001496CC1A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2987045799.000001496CC7D000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: ktmw32.pdbGCTL source: firefox.exe, 0000000E.00000003.3013986898.00000149699FE000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: cryptsp.pdb source: firefox.exe, 0000000E.00000003.2998284005.0000014972576000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: sspicli.pdb source: firefox.exe, 0000000E.00000003.2998284005.0000014972576000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: urlmon.pdb source: firefox.exe, 0000000E.00000003.3006733623.000001496D86A000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: NapiNSP.pdbUGP source: firefox.exe, 0000000E.00000003.3018915913.0000014969A63000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: NapiNSP.pdbrefresh-blocked-refresh-label source: firefox.exe, 0000000E.00000003.3012212786.000001496C399000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: dnsapi.pdb source: firefox.exe, 0000000E.00000003.3011944416.000001496C3AE000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: userenv.pdb source: firefox.exe, 0000000E.00000003.2983507951.000001496D687000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.3006869940.000001496D687000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: nlaapi.pdb source: firefox.exe, 0000000E.00000003.3011944416.000001496C3AE000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: winhttp.pdb source: firefox.exe, 0000000E.00000003.2998284005.0000014972576000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: msimg32.pdb source: firefox.exe, 0000000E.00000003.2983277679.000001496D8F2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.3006234349.000001496D8F2000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: mswsock.pdb@ source: firefox.exe, 0000000E.00000003.3011944416.000001496C3AE000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: ntasn1.pdb source: firefox.exe, 0000000E.00000003.2998284005.0000014972576000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: devobj.pdb source: firefox.exe, 0000000E.00000003.2989434758.000001496C8D5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.3010251058.000001496C8D3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.3010251058.000001496C87E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2989434758.000001496C87E000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: d3d11.pdb source: firefox.exe, 0000000E.00000003.2983507951.000001496D687000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.3006869940.000001496D687000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: dwmapi.pdb source: firefox.exe, 0000000E.00000003.2988329803.000001496C941000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2988329803.000001496C957000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: srvcli.pdb source: firefox.exe, 0000000E.00000003.2983277679.000001496D8F2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.3006234349.000001496D8F2000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: freebl3.pdb source: firefox.exe, 0000000E.00000003.2998284005.0000014972576000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: webauthn.pdb source: firefox.exe, 0000000E.00000003.3022696142.000001496DF03000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: avrt.pdb source: firefox.exe, 0000000E.00000003.2998284005.0000014972576000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: mswsock.pdb0 source: firefox.exe, 0000000E.00000003.3011944416.000001496C3AE000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: nsi.pdb source: firefox.exe, 0000000E.00000003.3011944416.000001496C3AE000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: gmpopenh264.dll.tmp.14.dr
      Source: Binary string: winrnr.pdb source: firefox.exe, 0000000E.00000003.3011944416.000001496C3AE000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: msctf.pdb source: firefox.exe, 0000000E.00000003.2988329803.000001496C941000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2989063952.000001496C91C000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: userenv.pdbh source: firefox.exe, 0000000E.00000003.2983507951.000001496D63C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.3006869940.000001496D669000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: twinapi.pdbprotections-panel-fingerprinters@ source: firefox.exe, 0000000E.00000003.2989063952.000001496C91C000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: mscms.pdb source: firefox.exe, 0000000E.00000003.2987045799.000001496CC7D000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: twinapi.pdb source: firefox.exe, 0000000E.00000003.2989434758.000001496C8D5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.3010251058.000001496C8D3000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: gmpopenh264.dll.tmp.14.dr
      Source: Binary string: pnrpnsp.pdbP4 source: firefox.exe, 0000000E.00000003.3011944416.000001496C3AE000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: dxgi.pdb source: firefox.exe, 0000000E.00000003.3008394146.000001496CAC2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.3007882535.000001496CC1A000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: ncrypt.pdb source: firefox.exe, 0000000E.00000003.2998284005.0000014972576000.00000004.00000800.00020000.00000000.sdmp
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0025DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_0025DBBE
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0022C2A2 FindFirstFileExW,0_2_0022C2A2
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_002668EE FindFirstFileW,FindClose,0_2_002668EE
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0026698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_0026698F
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0025D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_0025D076
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0025D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_0025D3A9
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00269642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00269642
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0026979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_0026979D
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00269B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_00269B2B
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00265C97 FindFirstFileW,FindNextFileW,FindClose,0_2_00265C97
      Source: firefox.exeMemory has grown: Private usage: 2MB later: 186MB
      Source: unknownNetwork traffic detected: DNS query count 31
      Source: Joe Sandbox ViewIP Address: 34.149.100.209 34.149.100.209
      Source: Joe Sandbox ViewIP Address: 34.117.188.166 34.117.188.166
      Source: Joe Sandbox ViewIP Address: 52.222.236.120 52.222.236.120
      Source: Joe Sandbox ViewIP Address: 34.160.144.191 34.160.144.191
      Source: Joe Sandbox ViewJA3 fingerprint: fb0aa01abe9d8e4037eb3473ca6e2dca
      Source: unknownTCP traffic detected without corresponding DNS query: 142.250.115.139
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0026CE44 InternetReadFile,SetEvent,GetLastError,SetEvent,0_2_0026CE44
      Source: global traffic, HTTP traffic detected:
        GET /canonical.html HTTP/1.1
        Host: detectportal.firefox.com
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
        Accept: */*
        Accept-Language: en-US,en;q=0.5
        Accept-Encoding: gzip, deflate
        Cache-Control: no-cache
        Pragma: no-cache
        Connection: keep-alive
      Source: global traffic, HTTP traffic detected:
        GET /success.txt?ipv4 HTTP/1.1
        Host: detectportal.firefox.com
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
        Accept: */*
        Accept-Language: en-US,en;q=0.5
        Accept-Encoding: gzip, deflate
        Connection: keep-alive
        Pragma: no-cache
        Cache-Control: no-cache
      Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
      Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
      Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
      Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
      Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
      Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
      Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
      Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
      Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
      Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
      Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
      Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
      Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
      Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
0000000E.00000003.2875216629.000001496BE67000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2982588384.00000149725BE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/MPL/2.0/.
      Source: firefox.exe, 0000000E.00000003.3012931829.0000014969A3D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.3014720345.0000014969A10000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.3013986898.0000014969A08000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0A
      Source: firefox.exe, 0000000E.00000003.3024177299.0000014969A31000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.3015579723.0000014969A31000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2993989116.0000014969A31000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2994691777.0000014969A41000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.3000137802.0000014969A3D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.3017869288.0000014969A31000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2996592157.0000014969A45000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.3012931829.0000014969A3D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.3000312159.0000014969A45000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.3022865419.0000014969A31000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2996244891.0000014969A42000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.3016485044.0000014969A0C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.3016485044.0000014969A31000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.3025643734.0000014969A31000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.3015579723.0000014969A08000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.3013986898.0000014969A08000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.3013372117.0000014969A08000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.3001323561.0000014969A31000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.14.drString found in binary or memory: http://ocsp.digicert.com0C
      Source: firefox.exe, 0000000E.00000003.3022865419.0000014969A0C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.3025643734.0000014969A13000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.3012931829.0000014969A3D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.3016485044.0000014969A0C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.3017869288.0000014969A13000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.3024177299.0000014969A13000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.3015579723.0000014969A08000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.3013073772.0000014969A19000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.14.drString found in binary or memory: http://ocsp.digicert.com0N
      Source: firefox.exe, 0000000E.00000003.3012931829.0000014969A3D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.3014720345.0000014969A10000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.3013986898.0000014969A08000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0X
      Source: gmpopenh264.dll.tmp.14.drString found in binary or memory: http://ocsp.thawte.com0
      Source: firefox.exe, 0000000E.00000003.2949084602.0000014965F7D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://poczta.interia.pl/mh/?mailto=%s
      Source: gmpopenh264.dll.tmp.14.drString found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
      Source: gmpopenh264.dll.tmp.14.drString found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
      Source: gmpopenh264.dll.tmp.14.drString found in binary or memory: http://ts-ocsp.ws.symantec.com07
      Source: firefox.exe, 0000000E.00000003.2949084602.0000014965F7D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://win.mail.ru/cgi-bin/sentmsg?mailto=%s
      Source: firefox.exe, 0000000E.00000003.3022865419.0000014969A0C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.3025643734.0000014969A13000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.3012931829.0000014969A3D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.3016485044.0000014969A0C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.3017869288.0000014969A13000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.3024177299.0000014969A13000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.3015579723.0000014969A08000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.3013073772.0000014969A19000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/CPS0
      Source: firefox.exe, 0000000E.00000003.2949084602.0000014965F7D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.inbox.lv/rfc2368/?value=%s
      Source: gmpopenh264.dll.tmp.14.drString found in binary or memory: http://www.mozilla.com0
      Source: firefox.exe, 0000000E.00000003.2997452734.0000014974777000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/2005/app-updatex
      Source: firefox.exe, 0000000E.00000003.2973272085.000001496C8F3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul
      Source: firefox.exe, 00000012.00000003.2843430745.0000029E6083C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2841721181.0000029E6083C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.4044987491.0000029E6083C000.00000004.00000020.00020000.00000000.sdmp, mozilla-temp-41.14.drString found in binary or memory: http://www.videolan.org/x264.html
      Source: firefox.exe, 00000010.00000002.4040956072.00000245FA860000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.4044014100.0000029E60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.4042717129.000001A787700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://%LOCALE%.malware-error.mozilla.com/?url=
      Source: firefox.exe, 00000010.00000002.4040956072.00000245FA860000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.4044014100.0000029E60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.4042717129.000001A787700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://%LOCALE%.phish-error.mozilla.com/?url=
      Source: firefox.exe, 00000010.00000002.4040956072.00000245FA860000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.4044014100.0000029E60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.4042717129.000001A787700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://%LOCALE%.phish-report.mozilla.com/?url=
      Source: firefox.exe, 0000000E.00000003.2826379894.0000014969E3A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2826212603.0000014969E1E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2826080735.0000014969C00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2826713373.0000014969E73000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2826540206.0000014969E57000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.duckduckgo.com/ac/
      Source: firefox.exe, 0000000E.00000003.3006234349.000001496D8FA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2983277679.000001496D8FA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://account.bellmedia.c
      Source: firefox.exe, 0000000E.00000003.2953163601.0000014975C7A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.3004126615.0000014975CC0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2996203596.0000014975C7A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.firefox.com
      Source: firefox.exe, 0000000E.00000003.2954969335.00000149725B0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.4040956072.00000245FA860000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.4044014100.0000029E60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.4042717129.000001A787700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://accounts.firefox.com/
      Source: firefox.exe, 00000010.00000002.4040956072.00000245FA860000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.4044014100.0000029E60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.4042717129.000001A787700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://accounts.firefox.com/settings/clients
      Source: file.exe, 00000000.00000002.2844883321.0000000001848000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2846041602.0000000001871000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2841065890.000000000186F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2914077847.000001496B296000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2943926254.000001496B518000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2942263266.000001496B57A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2937661392.000001496B296000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2880011282.000001496B57A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2935970964.000001496B56F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2881691561.000001496B29B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2869793101.000001496B55D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/v3/signin/challenge/pwd
      Source: firefox.exe, 00000010.00000002.4040956072.00000245FA860000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.4044014100.0000029E60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.4042717129.000001A787700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://developers.google.com/safe-browsing/v4/advisory
      Source: firefox.exe, 0000000E.00000003.2914711307.000001496C6FD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2826379894.0000014969E3A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2826212603.0000014969E1E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2850793474.000001496B6E3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2826080735.0000014969C00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2826713373.0000014969E73000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2826540206.0000014969E57000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/
      Source: firefox.exe, 0000000E.00000003.2962470322.0000202CE8103000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/?Z
      Source: firefox.exe, 0000000E.00000003.2949084602.0000014965F7D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2828099610.0000014969633000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%s
      Source: firefox.exe, 0000000E.00000003.2828099610.0000014969633000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://email.seznam.cz/newMessageScreen?mailto=%s
      Source: firefox.exe, 0000000E.00000003.2998284005.0000014972592000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.3005724589.0000014972592000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://extensionworkshop.com/documentation/publish/self-distribution/
      Source: firefox.exe, 00000013.00000002.4040533458.000001A78760C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-api-proxy.cdn.mozilla.net/
      Source: firefox.exe, 0000000E.00000003.2854166910.000001496BA0F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/673d2808-e5d8-41b9-957
      Source: firefox.exe, 0000000E.00000003.2855389874.000001496BA32000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2854166910.000001496BA26000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2855307920.000001496BA98000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/706c7a85-cf23-442e-8a9
      Source: firefox.exe, 00000010.00000002.4040956072.00000245FA860000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.4044014100.0000029E60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.4042717129.000001A787700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://firefox-source-docs.mozilla.org/networking/dns/trr-skip-reasons.html#
      Source: firefox.exe, 0000000E.00000003.2967909297.0000014975F29000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com/
      Source: firefox.exe, 0000000E.00000003.2995606150.0000014975CF3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/
      Source: firefox.exe, 0000000E.00000003.3020729247.0000014972457000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?colle
      Source: firefox.exe, 0000000E.00000003.3003551621.0000014975F60000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2967909297.0000014975F60000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.comp
      Source: firefox.exe, 00000010.00000002.4040956072.00000245FA860000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.4044014100.0000029E60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.4042717129.000001A787700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://fpn.firefox.com/browser?utm_source=firefox-desktop&utm_medium=referral&utm_campaign=about-pr
      Source: firefox.exe, 00000010.00000002.4040956072.00000245FA860000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.4044014100.0000029E60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.4042717129.000001A787700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://ftp.mozilla.org/pub/labs/devtools/adb-extension/#OS#/adb-extension-latest-#OS#.xpi
      Source: firefox.exe, 00000013.00000002.4040533458.000001A78760C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/
      Source: firefox.exe, 00000013.00000002.4040533458.000001A7876C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=
      Source: firefox.exe, 00000013.00000002.4040533458.000001A7876C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/trending-topics?version=2&consumer_key=$apiKey&locale_l
      Source: firefox.exe, 0000000E.00000003.3006234349.000001496D89E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2955578111.000001496D63C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.3021972551.000001496D659000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.3007568691.000001496D65F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.4040172913.0000029E5FB2F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.4040533458.000001A787630000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=bas
      Source: firefox.exe, 0000000E.00000003.2981931966.000001497264D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2954641324.000001497264D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/career?utm_source=pocket-newtabL
      Source: firefox.exe, 0000000E.00000003.2981931966.000001497264D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2954641324.000001497264D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/entertainment?utm_source=pocket-newtabC
      Source: firefox.exe, 0000000E.00000003.2981931966.000001497264D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2954641324.000001497264D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/food?utm_source=pocket-newtabA
      Source: firefox.exe, 0000000E.00000003.2981931966.000001497264D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2954641324.000001497264D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/health?utm_source=pocket-newtabE
      Source: firefox.exe, 0000000E.00000003.2981931966.000001497264D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2954641324.000001497264D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/science?utm_source=pocket-newtabG
      Source: firefox.exe, 0000000E.00000003.2981931966.000001497264D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2954641324.000001497264D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/self-improvement?utm_source=pocket-newtab?
      Source: firefox.exe, 0000000E.00000003.2981931966.000001497264D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2954641324.000001497264D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/technology?utm_source=pocket-newtabN
      Source: firefox.exe, 00000013.00000002.4040533458.000001A7876C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tab
      Source: firefox.exe, 0000000E.00000003.3006234349.000001496D89E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tabL
      Source: firefox.exe, 0000000E.00000003.2981931966.000001497264D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2954641324.000001497264D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore?utm_source=pocket-newtabI
      Source: firefox.exe, 0000000E.00000003.2981931966.000001497264D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2954641324.000001497264D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/firefox/new_tab_learn_more/
      Source: firefox.exe, 00000013.00000002.4040533458.000001A7876C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/recommendations
      Source: firefox.exe, 0000000E.00000003.3006234349.000001496D89E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/recommendationsS
      Source: firefox.exe, 0000000E.00000003.3006234349.000001496D89E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/recommendationsS7
      Source: firefox.exe, 0000000E.00000003.3006234349.000001496D89E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=basic
      Source: firefox.exe, 0000000E.00000003.3026282661.000001496A645000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2927329585.000001496A636000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2938184410.000001496A640000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/google/closure-compiler/issues/3177
      Source: firefox.exe, 0000000E.00000003.2927329585.000001496A632000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/lit/lit/blob/main/packages/reactive-element/src/decorators/query-all.ts
      Source: firefox.exe, 0000000E.00000003.2927329585.000001496A632000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/lit/lit/blob/main/packages/reactive-element/src/decorators/query.ts
      Source: firefox.exe, 0000000E.00000003.3026282661.000001496A645000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2927329585.000001496A636000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2938184410.000001496A640000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/lit/lit/issues/1266
      Source: firefox.exe, 0000000E.00000003.3026282661.000001496A645000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2927329585.000001496A636000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2938184410.000001496A640000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/microsoft/TypeScript/issues/338).
      Source: firefox.exe, 0000000E.00000003.2826379894.0000014969E3A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2826212603.0000014969E1E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2826080735.0000014969C00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2826713373.0000014969E73000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2826540206.0000014969E57000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mozilla-services/screenshots
      Source: firefox.exe, 0000000E.00000003.3003551621.0000014975F60000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2967909297.0000014975F60000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/uuidjs/uuid#getrandomvalues-not-supported
      Source: firefox.exe, 0000000E.00000003.2850536867.00000149725B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/w3c/csswg-drafts/blob/master/css-grid-2/MASONRY-EXPLAINER.md
      Source: firefox.exe, 0000000E.00000003.2850536867.00000149725B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/w3c/csswg-drafts/issues/4650
      Source: firefox.exe, 0000000E.00000003.2850267322.00000149725C8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2954969335.00000149725C8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/zertosh/loose-envify)
      Source: firefox.exe, 0000000E.00000003.2850536867.00000149725B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://gpuweb.github.io/gpuweb/
      Source: firefox.exe, 00000010.00000002.4040956072.00000245FA860000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.4044014100.0000029E60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.4042717129.000001A787700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://helper1.dap.cloudflareresearch.com/v02
      Source: firefox.exe, 0000000E.00000003.2962470322.0000202CE8103000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2981387150.0000014972E37000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2869793101.000001496B55D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ib.absa.co.za/
      Source: firefox.exe, 00000010.00000002.4040956072.00000245FA860000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.4044014100.0000029E60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.4042717129.000001A787700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://ideas.mozilla.org/
      Source: firefox.exe, 0000000E.00000003.2953163601.0000014975C7A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2996203596.0000014975C7A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.3004167451.0000014975C9D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://identity.mozilla.com/apps/oldsyncS
      Source: firefox.exe, 0000000E.00000003.2953163601.0000014975C7A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2996203596.0000014975C7A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.3004167451.0000014975C9D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://identity.mozilla.com/cmd/H
      Source: firefox.exe, 0000000E.00000003.2953163601.0000014975C7A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2996203596.0000014975C7A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.3004167451.0000014975C9D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://identity.mozilla.com/cmd/HCX
      Source: firefox.exe, 0000000E.00000003.2953163601.0000014975C7A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2996203596.0000014975C7A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.3004167451.0000014975C9D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://identity.mozilla.com/ids/ecosystem_telemetryU
      Source: firefox.exe, 0000000E.00000003.2953163601.0000014975C7A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2996203596.0000014975C7A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.3004167451.0000014975C9D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://identity.mozilla.com/ids/ecosystem_telemetryUFj
      Source: prefs-1.js.14.drString found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4CbmfQq%2B4pbW4pbWfpbX7ReNxR3UIG8zInwYIFIVs9e
      Source: firefox.exe, 0000000E.00000003.2967865625.0000014975FDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2998460909.0000014972457000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.4040956072.00000245FA860000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.4044014100.0000029E60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.4042717129.000001A787700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org
      Source: firefox.exe, 0000000E.00000003.2997884663.0000014974762000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.4040172913.0000029E5FBC3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.4040533458.000001A7876F5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit
      Source: firefox.exe, 0000000E.00000003.2980304847.000001497569E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit/firefox-desktop/events/1/01164410-e996-4fc1-abf8-4909a
      Source: firefox.exe, 0000000E.00000003.2968611447.0000014975650000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2981553309.00000149726CF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit/firefox-desktop/metrics/1/101f7ea1-4f11-4f23-a1d9-7c2d
      Source: firefox.exe, 0000000E.00000003.3006234349.000001496D89E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submits
      Source: firefox.exe, 0000000E.00000003.3026282661.000001496A645000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2927329585.000001496A636000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2938184410.000001496A640000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://infra.spec.whatwg.org/#ascii-whitespace
      Source: firefox.exe, 00000010.00000002.4040956072.00000245FA860000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.4044014100.0000029E60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.4042717129.000001A787700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://install.mozilla.org
      Source: firefox.exe, 0000000E.00000003.3026282661.000001496A645000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2927329585.000001496A636000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2938184410.000001496A640000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lit.dev/docs/libraries/standalone-templates/#rendering-lit-html-templates
      Source: firefox.exe, 0000000E.00000003.3026282661.000001496A645000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2927329585.000001496A636000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2938184410.000001496A640000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lit.dev/docs/templates/directives/#stylemap
      Source: firefox.exe, 0000000E.00000003.3026282661.000001496A645000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2927329585.000001496A636000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2938184410.000001496A640000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lit.dev/docs/templates/expressions/#child-expressions)
      Source: firefox.exe, 00000010.00000002.4040956072.00000245FA860000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.4044014100.0000029E60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.4042717129.000001A787700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://location.services.mozilla.com/v1/country?key=%MOZILLA_API_KEY%
      Source: firefox.exe, 0000000E.00000003.3006234349.000001496D89E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://location.services.mozilla.com/v1/country?key=7e40f68c-7938-4c5d-9f95-e61647c213eb
      Source: firefox.exe, 0000000E.00000003.3006234349.000001496D8FA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2983277679.000001496D8FA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.live.com
      Source: firefox.exe, 0000000E.00000003.3006234349.000001496D8FA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2983277679.000001496D8FA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com
      Source: firefox.exe, 0000000E.00000003.2980304847.0000014975650000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2991711968.0000014975657000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2968611447.0000014975650000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lookerstudio.google.com/embed/reporting/
      Source: firefox.exe, 0000000E.00000003.2828099610.0000014969633000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/?extsrc=mailto&url=%s
      Source: firefox.exe, 0000000E.00000003.2949084602.0000014965F7D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2828099610.0000014969633000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.inbox.lv/compose?to=%s
      Source: firefox.exe, 0000000E.00000003.2949084602.0000014965F7D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2828099610.0000014969633000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.yahoo.co.jp/compose/?To=%s
      Source: firefox.exe, 00000013.00000002.4040533458.000001A78768F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://merino.services.mozilla.com/api/v1/suggest
      Source: firefox.exe, 00000010.00000002.4040956072.00000245FA860000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.4044014100.0000029E60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.4042717129.000001A787700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://mitmdetection.services.mozilla.com/
      Source: firefox.exe, 0000000E.00000003.2877297314.00000149727F7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mochitest.youtube.com/
      Source: firefox.exe, 00000010.00000002.4040956072.00000245FA860000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.4044014100.0000029E60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.4042717129.000001A787700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/?entrypoint=protection_report_monitor&utm_source=about-protections
      Source: firefox.exe, 00000010.00000002.4040956072.00000245FA860000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.4044014100.0000029E60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.4042717129.000001A787700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/about
      Source: firefox.exe, 00000010.00000002.4040956072.00000245FA860000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.4044014100.0000029E60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.4042717129.000001A787700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/breach-details/
      Source: firefox.exe, 00000010.00000002.4040956072.00000245FA860000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.4044014100.0000029E60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.4042717129.000001A787700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/oauth/init?entrypoint=protection_report_monitor&utm_source=about-protect
      Source: firefox.exe, 00000010.00000002.4040956072.00000245FA860000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.4044014100.0000029E60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.4042717129.000001A787700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/user/breach-stats?includeResolved=true
      Source: firefox.exe, 00000010.00000002.4040956072.00000245FA860000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.4044014100.0000029E60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.4042717129.000001A787700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/user/dashboard
      Source: firefox.exe, 00000010.00000002.4040956072.00000245FA860000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.4044014100.0000029E60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.4042717129.000001A787700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/user/preferences
      Source: firefox.exe, 00000010.00000002.4040956072.00000245FA860000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.4044014100.0000029E60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.4042717129.000001A787700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://mozilla-ohttp-fakespot.fastly-edge.com/
      Source: firefox.exe, 00000010.00000002.4040956072.00000245FA860000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.4044014100.0000029E60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.4042717129.000001A787700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://mozilla.cloudflare-dns.com/dns-query
      Source: firefox.exe, 0000000E.00000003.2877297314.00000149727F7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.hulu.com/watch/
      Source: firefox.exe, 0000000E.00000003.2877297314.00000149727F7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.instagram.com/
      Source: firefox.exe, 00000010.00000002.4041422787.00000245FA9C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.4040172913.0000029E5FBEB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.4043262872.000001A787906000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.drString found in binary or memory: https://www.invisalign.com/?utm_source=admarketplace&utm_medium=paidsearch&utm_campaign=Invisalign&u
      Source: firefox.exe, 0000000E.00000003.2982188868.000001497261F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/
      Source: firefox.exe, 00000010.00000002.4040956072.00000245FA860000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.4044014100.0000029E60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.4042717129.000001A787700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/about/legal/terms/subscription-services/
      Source: firefox.exe, 00000013.00000002.4042717129.000001A787700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/releasenotes/?utm_source=firefox-browser&utm_medi
      Source: firefox.exe, 00000010.00000002.4040956072.00000245FA860000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.4044014100.0000029E60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.4042717129.000001A787700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/tour/
      Source: firefox.exe, 00000010.00000002.4040956072.00000245FA860000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.4044014100.0000029E60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.4042717129.000001A787700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/geolocation/
      Source: firefox.exe, 00000010.00000002.4040956072.00000245FA860000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.4044014100.0000029E60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.4042717129.000001A787700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/new?reason=manual-update
      Source: firefox.exe, 00000010.00000002.4040956072.00000245FA860000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.4044014100.0000029E60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.4042717129.000001A787700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/notes
      Source: firefox.exe, 00000010.00000002.4040956072.00000245FA860000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.4044014100.0000029E60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.4042717129.000001A787700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/set-as-default/thanks/
      Source: firefox.exe, 00000010.00000002.4040956072.00000245FA860000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.4044014100.0000029E60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.4042717129.000001A787700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/xr/
      Source: firefox.exe, 00000010.00000002.4040956072.00000245FA860000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.4044014100.0000029E60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.4042717129.000001A787700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/privacy/subscription-services/
      Source: firefox.exe, 0000000E.00000003.2855389874.000001496BA32000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2854166910.000001496BA26000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2855307920.000001496BA98000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/legal/terms/mozilla/
      Source: firefox.exe, 0000000E.00000003.2968611447.00000149756AC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2991659782.00000149756B3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2980304847.00000149756AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/anything/?
      Source: firefox.exe, 00000010.00000002.4040956072.00000245FA860000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.4044014100.0000029E60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.4042717129.000001A787700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/android/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
      Source: firefox.exe, 00000010.00000002.4040956072.00000245FA860000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.4044014100.0000029E60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.4042717129.000001A787700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/ios/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campa
      Source: firefox.exe, 00000010.00000002.4040956072.00000245FA860000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.4044014100.0000029E60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.4042717129.000001A787700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html
      Source: firefox.exe, 00000010.00000002.4040956072.00000245FA860000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.4044014100.0000029E60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.4042717129.000001A787700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#crash-reporter
      Source: firefox.exe, 00000010.00000002.4040956072.00000245FA860000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.4044014100.0000029E60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.4042717129.000001A787700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#health-report
      Source: firefox.exe, 00000013.00000002.4040533458.000001A7876F5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/
      Source: firefox.exe, 0000000E.00000003.2981931966.000001497264D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2954641324.000001497264D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/#suggest-relevant-contentP
      Source: firefox.exe, 00000010.00000002.4040956072.00000245FA860000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.4044014100.0000029E60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.4042717129.000001A787700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
      Source: firefox.exe, 0000000E.00000003.2981931966.000001497264D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2954641324.000001497264D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/V
      Source: firefox.exe, 00000012.00000002.4040172913.0000029E5FBC3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/vi
      Source: firefox.exe, 0000000E.00000003.3006234349.000001496D8E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com
      Source: firefox.exe, 0000000E.00000003.2954641324.000001497264D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.reddit.com/
      Source: firefox.exe, 0000000E.00000003.2962470322.0000202CE8103000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.reddit.com/Z
      Source: firefox.exe, 0000000E.00000003.2867343570.000001496C7CD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.sling.com/
      Source: firefox.exe, 0000000E.00000003.3003551621.0000014975F8A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2967909297.0000014975F8A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.tiktok.com/
      Source: firefox.exe, 0000000E.00000003.2954969335.00000149725B0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.4040172913.0000029E5FB0A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.4040533458.000001A78760C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
      Source: firefox.exe, 0000000E.00000003.2962470322.0000202CE8103000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/Z
      Source: firefox.exe, 0000000E.00000003.2998284005.0000014972592000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.3005724589.0000014972592000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://xhr.spec.whatwg.org/#sync-warning
      Source: firefox.exe, 0000000E.00000003.3006869940.000001496D698000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2972584556.000001496C957000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2962470322.0000202CE8103000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2968858224.0000014975632000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2955301454.00000149725A6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://youtube.com
      Source: firefox.exe, 0000000E.00000003.3006234349.000001496D89E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2998284005.00000149725A6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.3020575631.00000149725A6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2983507951.000001496D687000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.3006869940.000001496D687000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2955301454.00000149725A6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/
      Source: recovery.jsonlz4.tmp.14.drString found in binary or memory: https://youtube.com/account?=
      Source: firefox.exe, 00000013.00000002.4042848592.000001A787750000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/sig
      Source: firefox.exe, 00000012.00000002.4039352433.0000029E5F85A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.4042848592.000001A787754000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.4039486603.000001A78747A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd
      Source: firefox.exe, 0000000C.00000002.2811205107.000001D0333BA000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.2816920988.000001CE5970F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd--no-default-browser
      Source: firefox.exe, 00000013.00000002.4039486603.000001A78747A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdC
      Source: firefox.exe, 00000010.00000002.4039714816.00000245FA5B0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.4041082345.00000245FA8A4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.4039352433.0000029E5F850000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.4043199850.0000029E5FC54000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.4042848592.000001A787754000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.4039486603.000001A787470000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdMOZ_CRASHREPORTER_RE
      Source: firefox.exe, 00000013.00000002.4039486603.000001A787470000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdW
      Source: firefox.exe, 00000012.00000002.4039352433.0000029E5F850000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdh
      Source: firefox.exe, 00000010.00000002.4039714816.00000245FA5B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdl
      Source: firefox.exe, 00000010.00000002.4039714816.00000245FA5BA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdx
      Source: firefox.exe, 0000000E.00000003.2962470322.0000202CE8103000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://youtube.comZ
      Source: C:\Users\user\Desktop\file.exe
      Code function: 0_2_0026EAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,0_2_0026EAFF
      Source: C:\Users\user\Desktop\file.exe
      Code function: 0_2_0026ED6A OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,0_2_0026ED6A
      Source: C:\Users\user\Desktop\file.exe
      Code function: 0_2_0025AA57 GetKeyboardState,SetKeyboardState,PostMessageW,SendInput,0_2_0025AA57
      Source: C:\Users\user\Desktop\file.exe
      Code function: 0_2_00289576 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,0_2_00289576

      System Summary

      Source: file.exe
      String found in binary or memory: This is a third-party compiled AutoIt script.
      Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 18_2_0000029E600C6837 NtQuerySystemInformation,18_2_0000029E600C6837
      Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 18_2_0000029E6026B472 NtQuerySystemInformation,18_2_0000029E6026B472
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0025D5EB: CreateFileW,DeviceIoControl,CloseHandle,0_2_0025D5EB
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00251201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,0_2_00251201
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0025E8F6 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,0_2_0025E8F6
      Source: C:\Users\user\Desktop\file.exeCode function: String function: 001F9CB3 appears 31 times
      Source: C:\Users\user\Desktop\file.exeCode function: String function: 00210A30 appears 46 times
      Source: C:\Users\user\Desktop\file.exeCode function: String function: 0020F9F2 appears 40 times
      Source: file.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
      Source: classification engineClassification label: mal72.troj.evad.winEXE@34/34@69/13
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_002637B5 GetLastError,FormatMessageW,0_2_002637B5
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_002510BF AdjustTokenPrivileges,CloseHandle,0_2_002510BF
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_002516C3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,0_2_002516C3
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_002651CD SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode,0_2_002651CD
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0025D4DC CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,0_2_0025D4DC
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0026648E _wcslen,CoInitialize,CoCreateInstance,CoUninitialize,0_2_0026648E
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001F42A2 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource,0_2_001F42A2
      Source: C:\Program Files\Mozilla Firefox\firefox.exeFile created: C:\Users\user\AppData\Local\Mozilla\Firefox\SkeletonUILock-c388d246
      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3508:120:WilError_03
      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6716:120:WilError_03
      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4404:120:WilError_03
      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4608:120:WilError_03
      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4140:120:WilError_03
      Source: C:\Program Files\Mozilla Firefox\firefox.exeFile created: C:\Users\user\AppData\Local\Temp\firefox
      Source: file.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
      Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
      Source: C:\Program Files\Mozilla Firefox\firefox.exeFile read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
      Source: C:\Users\user\Desktop\file.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
      Source: firefox.exe, 0000000E.00000003.2953163601.0000014975C7A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.3004126615.0000014975CC0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2996203596.0000014975C7A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT * FROM events WHERE timestamp BETWEEN date(:dateFrom) AND date(:dateTo);
      Source: firefox.exe, 0000000E.00000003.2953163601.0000014975C7A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.3004126615.0000014975CC0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2996203596.0000014975C7A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE events (id INTEGER PRIMARY KEY, type INTEGER NOT NULL, count INTEGER NOT NULL, timestamp DATE );
      Source: firefox.exe, 0000000E.00000003.2953163601.0000014975C7A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.3004126615.0000014975CC0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2996203596.0000014975C7A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: INSERT INTO events (type, count, timestamp) VALUES (:type, 1, date(:date));
      Source: firefox.exe, 0000000E.00000003.2953163601.0000014975C7A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.3004126615.0000014975CC0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2996203596.0000014975C7A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT timestamp FROM events ORDER BY timestamp ASC LIMIT 1;;
      Source: firefox.exe, 0000000E.00000003.2953163601.0000014975C7A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.3004126615.0000014975CC0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2996203596.0000014975C7A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT timestamp FROM events ORDER BY timestamp ASC LIMIT 1;;Fy6
      Source: firefox.exe, 0000000E.00000003.2953163601.0000014975C7A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.3004126615.0000014975CC0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2996203596.0000014975C7A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: UPDATE events SET count = count + 1 WHERE id = :id;-
      Source: firefox.exe, 0000000E.00000003.2953163601.0000014975C7A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.3004126615.0000014975CC0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2996203596.0000014975C7A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT sum(count) FROM events;9'
      Source: firefox.exe, 0000000E.00000003.2953163601.0000014975C7A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.3004126615.0000014975CC0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2996203596.0000014975C7A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT sum(count) FROM events;9
      Source: firefox.exe, 0000000E.00000003.2953163601.0000014975C7A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.3004126615.0000014975CC0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2996203596.0000014975C7A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT * FROM events WHERE type = :type AND timestamp = date(:date);
      Source: file.exeReversingLabs: Detection: 27%
      Source: unknownProcess created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
      Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
      Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
      Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
      Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
      Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
      Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Users\user\Desktop\file.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
      Source: unknownProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation
      Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
      Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2304 -parentBuildID 20230927232528 -prefsHandle 2240 -prefMapHandle 2232 -prefsLen 25302 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {48684b58-915c-4ad7-bbb8-94f929a0fef9} 280 "\\.\pipe\gecko-crash-server-pipe.280" 1495a26f510 socket
      Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4184 -parentBuildID 20230927232528 -prefsHandle 4192 -prefMapHandle 4188 -prefsLen 26151 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6098ac67-e0e7-4c6a-ac33-3955c5abdea3} 280 "\\.\pipe\gecko-crash-server-pipe.280" 14967079410 rdd
      Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4944 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 4936 -prefMapHandle 4932 -prefsLen 33128 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6959f03c-51e1-44f4-ba96-6fd74e49b085} 280 "\\.\pipe\gecko-crash-server-pipe.280" 1496c511310 utility
      Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknown
      Source: C:\Users\user\Desktop\file.exeSection loaded: wsock32.dll
      Source: C:\Users\user\Desktop\file.exeSection loaded: version.dll
      Source: C:\Users\user\Desktop\file.exeSection loaded: winmm.dll
      Source: C:\Users\user\Desktop\file.exeSection loaded: mpr.dll
      Source: C:\Users\user\Desktop\file.exeSection loaded: wininet.dll
      Source: C:\Users\user\Desktop\file.exeSection loaded: iphlpapi.dll
      Source: C:\Users\user\Desktop\file.exeSection loaded: userenv.dll
      Source: C:\Users\user\Desktop\file.exeSection loaded: uxtheme.dll
      Source: C:\Users\user\Desktop\file.exeSection loaded: kernel.appcore.dll
      Source: C:\Users\user\Desktop\file.exeSection loaded: windows.storage.dll
      Source: C:\Users\user\Desktop\file.exeSection loaded: wldp.dll
      Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dll
      Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dll
      Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dll
      Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dll
      Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dll
      Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dll
      Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dll
      Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dll
      Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dll
      Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dll
      Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dll
      Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dll
      Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dll
      Source: Window RecorderWindow detected: More than 3 window changes detected
      Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
      Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
      Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
      Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
      Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
      Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
      Source: Binary string: winhttp.pdbC:\WINDOWS\FONTS\SEGOEUIB.TTF source: firefox.exe, 0000000E.00000003.2998284005.0000014972576000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: UMPDC.pdb source: firefox.exe, 0000000E.00000003.2983277679.000001496D8F2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.3006234349.000001496D8F2000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: wininet.pdb source: firefox.exe, 0000000E.00000003.2998284005.0000014972576000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: rsaenh.pdb source: firefox.exe, 0000000E.00000003.2998284005.0000014972576000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: winsta.pdb source: firefox.exe, 0000000E.00000003.2988329803.000001496C957000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: freebl3.pdbP4 source: firefox.exe, 0000000E.00000003.3020729247.0000014972457000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2998460909.0000014972457000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: WscApi.pdb source: firefox.exe, 0000000E.00000003.3006733623.000001496D86A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2983507951.000001496D687000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.3006869940.000001496D687000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: ktmw32.pdb source: firefox.exe, 0000000E.00000003.3013986898.00000149699FE000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: pnrpnsp.pdb source: firefox.exe, 0000000E.00000003.3011944416.000001496C3AE000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: wshbth.pdb source: firefox.exe, 0000000E.00000003.3011944416.000001496C3AE000.00000004.00000800.00020000.00000000.sdmp
      Source: file.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
      Source: file.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
      Source: file.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
      Source: file.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
      Source: file.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
      Source: C:\Users\user\Desktop\file.exe Code function: 0_2_001F42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_001F42DE
      Source: gmpopenh264.dll.tmp.14.dr Static PE information: section name: .rodata
      Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00210A76 push ecx; ret 0_2_00210A89
      Source: C:\Program Files\Mozilla Firefox\firefox.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\13pckee1.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp
      Source: C:\Program Files\Mozilla Firefox\firefox.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\13pckee1.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)
      Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0020F98E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,0_2_0020F98E
      Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00281C41 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,0_2_00281C41
      Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX
      Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX

      Malware Analysis System Evasion

      Source: C:\Users\user\Desktop\file.exe Sandbox detection routine: GetForegroundWindow, DecisionNode, Sleep graph_0-95662
      Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 18_2_0000029E600C6837 rdtsc 18_2_0000029E600C6837
      Source: C:\Users\user\Desktop\file.exe API coverage: 3.6 %
      Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
      Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0025DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_0025DBBE
      Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0022C2A2 FindFirstFileExW,0_2_0022C2A2
      Source: C:\Users\user\Desktop\file.exe Code function: 0_2_002668EE FindFirstFileW,FindClose,0_2_002668EE
      Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0026698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_0026698F
      Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0025D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_0025D076
      Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0025D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_0025D3A9
      Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00269642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00269642
      Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0026979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_0026979D
      Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00269B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_00269B2B
      Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00265C97 FindFirstFileW,FindNextFileW,FindClose,0_2_00265C97
      Source: C:\Users\user\Desktop\file.exe Code function: 0_2_001F42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_001F42DE
      Source: firefox.exe, 00000010.00000002.4044365245.00000245FAB08000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllbm
      Source: firefox.exe, 00000010.00000002.4039714816.00000245FA5E6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW1
      Source: firefox.exe, 00000012.00000002.4043840057.0000029E60120000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllQ
      Source: firefox.exe, 00000010.00000002.4044365245.00000245FAB08000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.4043840057.0000029E60120000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.4039352433.0000029E5F85A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.4043093033.000001A787760000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
      Source: firefox.exe, 00000012.00000002.4043840057.0000029E60120000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW&
      Source: firefox.exe, 00000010.00000002.4043840887.00000245FAA19000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW : 2 : 34 : 1 : 1 : 0x20026 : 0x8 : %SystemRoot%\system32\mswsock.dll : : 1234191b-4bf7-4ca7-86e0-dfd7c32b5445
      Source: firefox.exe, 00000010.00000002.4044365245.00000245FAB08000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
      Source: firefox.exe, 00000013.00000002.4039486603.000001A78747A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW0#v
      Source: firefox.exe, 00000010.00000002.4039714816.00000245FA5BA000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW`
      Source: firefox.exe, 00000010.00000002.4044365245.00000245FAB08000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.4043840057.0000029E60120000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
      Source: C:\Users\user\Desktop\file.exe Process information queried: ProcessInformation
      Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 18_2_0000029E600C6837 rdtsc 18_2_0000029E600C6837
      Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0026EAA2 BlockInput,0_2_0026EAA2
      Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00222622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00222622
      Source: C:\Users\user\Desktop\file.exe Code function: 0_2_001F42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_001F42DE
      Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00214CE8 mov eax, dword ptr fs:[00000030h] 0_2_00214CE8
      Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00250B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,0_2_00250B62
      Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug
      Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00222622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00222622
      Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0021083F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0021083F
      Source: C:\Users\user\Desktop\file.exe Code function: 0_2_002109D5 SetUnhandledExceptionFilter,0_2_002109D5
      Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00210C21 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00210C21
      Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00251201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,0_2_00251201
      Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00232BA5 KiUserCallbackDispatcher,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,0_2_00232BA5
      Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0025B226 SendInput,keybd_event,0_2_0025B226
      Source: C:\Users\user\Desktop\file.exe Code function: 0_2_002722DA GetForegroundWindow,GetDesktopWindow,GetWindowRect,mouse_event,GetCursorPos,mouse_event,0_2_002722DA
      Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
      Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
      Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
      Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
      Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
      Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00250B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,0_2_00250B62
      Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00251663 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,0_2_00251663
      Source: file.exe Binary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
      Source: file.exe Binary or memory string: Shell_TrayWnd
      Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00210698 cpuid 0_2_00210698
      Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00268195 GetLocalTime,SystemTimeToFileTime,LocalFileTimeToFileTime,GetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,0_2_00268195
      Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0024D27A GetUserNameW,0_2_0024D27A
      Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0022B952 _free,_free,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,_free,0_2_0022B952
      Source: C:\Users\user\Desktop\file.exe Code function: 0_2_001F42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_001F42DE

      Stealing of Sensitive Information

      Source: Yara match File source: 00000000.00000003.2841065890.000000000186F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
      Source: Yara match File source: Process Memory Space: file.exe PID: 6520, type: MEMORYSTR
      Source: file.exe Binary or memory string: WIN_81
      Source: file.exe Binary or memory string: WIN_XP
      Source: file.exe Binary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYRegDeleteKeyExWadvapi32.dll+.-.\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs](*UCP)\XISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGGETCOUNTSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXPANDmsctls_statusbar321tooltips_class32%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----@GUI_DRAGID@GUI_DROPID@GUI_DRAGFILEError text not found (please report)Q\EDEFINEUTF16)UTF)UCP)NO_AUTO_POSSESS)NO_START_OPT)LIMIT_MATCH=LIMIT_RECURSION=CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument not compiled in 16 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
      Source: file.exe Binary or memory string: WIN_XPe
      Source: file.exe Binary or memory string: WIN_VISTA
      Source: file.exe Binary or memory string: WIN_7
      Source: file.exe Binary or memory string: WIN_8

      Remote Access Functionality

      Source: Yara match File source: 00000000.00000003.2841065890.000000000186F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
      Source: Yara match File source: Process Memory Space: file.exe PID: 6520, type: MEMORYSTR
      Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00271204 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket,0_2_00271204
      Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00271806 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,0_2_00271806
      Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
      Gather Victim Identity Information | Acquire Infrastructure | 2 Valid Accounts | 1 Windows Management Instrumentation | 1 DLL Side-Loading | 1 Exploitation for Privilege Escalation | 2 Disable or Modify Tools | 21 Input Capture | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot
      Credentials | Domains | Default Accounts | 1 Native API | 2 Valid Accounts | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 1 Account Discovery | Remote Desktop Protocol | 21 Input Capture | 12 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
      Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Extra Window Memory Injection | 2 Obfuscated Files or Information | Security Account Manager | 2 File and Directory Discovery | SMB/Windows Admin Shares | 3 Clipboard Data | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
      Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 2 Valid Accounts | 1 DLL Side-Loading | NTDS | 16 System Information Discovery | Distributed Component Object Model | Input Capture | 3 Application Layer Protocol | Traffic Duplication | Data Destruction
      Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 21 Access Token Manipulation | 1 Extra Window Memory Injection | LSA Secrets | 131 Security Software Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
      Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | 2 Process Injection | 1 Masquerading | Cached Domain Credentials | 1 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
      DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 2 Valid Accounts | DCSync | 3 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
      Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Virtualization/Sandbox Evasion | Proc Filesystem | 1 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
      Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 21 Access Token Manipulation | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
      IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 2 Process Injection | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement
      [Figure: Behavior graph. Behavior Graph ID: 1538503, Sample: file.exe, Startdate: 21/10/2024, Architecture: WINDOWS, Score: 72]

      Source | Detection | Scanner | Label | Link
      file.exe | 28% | ReversingLabs | Win32.Trojan.CredentialFlusher |
      file.exe | 100% | Joe Sandbox ML | |
      Source | Detection | Scanner | Label | Link
      C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\13pckee1.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy) | 0% | ReversingLabs | |
      C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\13pckee1.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp | 0% | ReversingLabs | |
      No Antivirus matches
      No Antivirus matches
      Source | Detection | Scanner | Label | Link
Name | IP | Active | Malicious | Antivirus Detection | Reputation
Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                                      • URL Reputation: safe
                                                                                                      unknown
                                                                                                      https://spocs.getpocket.com/firefox.exe, 00000013.00000002.4040533458.000001A78760C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      • URL Reputation: safe
                                                                                                      unknown
                                                                                                      https://services.addons.mozilla.org/api/v4/abuse/report/addon/firefox.exe, 00000010.00000002.4040956072.00000245FA860000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.4044014100.0000029E60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.4042717129.000001A787700000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                      • URL Reputation: safe
                                                                                                      unknown
                                                                                                      https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%firefox.exe, 00000010.00000002.4040956072.00000245FA860000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.4044014100.0000029E60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.4042717129.000001A787700000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                      • URL Reputation: safe
                                                                                                      unknown
                                                                                                      https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-ffirefox.exe, 00000010.00000002.4040956072.00000245FA860000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.4044014100.0000029E60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.4042717129.000001A787700000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                      • URL Reputation: safe
                                                                                                      unknown
                                                                                                      https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dprotection_rfirefox.exe, 00000010.00000002.4040956072.00000245FA860000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.4044014100.0000029E60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.4042717129.000001A787700000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                        unknown
                                                                                                        https://monitor.firefox.com/user/breach-stats?includeResolved=truefirefox.exe, 00000010.00000002.4040956072.00000245FA860000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.4044014100.0000029E60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.4042717129.000001A787700000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                        • URL Reputation: safe
                                                                                                        unknown
                                                                                                        https://www.amazon.com/Zfirefox.exe, 0000000E.00000003.2962470322.0000202CE8103000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          unknown
                                                                                                          https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-reportfirefox.exe, 00000010.00000002.4040956072.00000245FA860000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.4044014100.0000029E60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.4042717129.000001A787700000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                          • URL Reputation: safe
                                                                                                          unknown
                                                                                                          https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_cd61a4703a8613be887576f2bd084bcc6f4756dccdbe5062firefox.exe, 00000010.00000002.4041422787.00000245FA9C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.4040172913.0000029E5FBEB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.4043262872.000001A787906000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.drfalse
                                                                                                            unknown
                                                                                                            https://bugzilla.mozilla.org/show_bug.cgi?id=1584464firefox.exe, 0000000E.00000003.2850536867.00000149725B0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            • URL Reputation: safe
                                                                                                            unknown
                                                                                                            https://safebrowsing.google.com/safebrowsing/diagnostic?site=firefox.exe, 00000010.00000002.4040956072.00000245FA860000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.4044014100.0000029E60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.4042717129.000001A787700000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                            • URL Reputation: safe
                                                                                                            unknown
                                                                                                            https://monitor.firefox.com/user/dashboardfirefox.exe, 00000010.00000002.4040956072.00000245FA860000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.4044014100.0000029E60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.4042717129.000001A787700000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                            • URL Reputation: safe
                                                                                                            unknown
                                                                                                            https://bugzilla.mozilla.org/show_bug.cgi?id=1170143firefox.exe, 0000000E.00000003.2876533564.000001496B322000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              unknown
                                                                                                              https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_IDfirefox.exe, 00000010.00000002.4040956072.00000245FA860000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.4044014100.0000029E60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.4042717129.000001A787700000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                              • URL Reputation: safe
                                                                                                              unknown
                                                                                                              https://monitor.firefox.com/aboutfirefox.exe, 00000010.00000002.4040956072.00000245FA860000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.4044014100.0000029E60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.4042717129.000001A787700000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                              • URL Reputation: safe
                                                                                                              unknown
                                                                                                              http://mozilla.org/MPL/2.0/.firefox.exe, 0000000E.00000003.2956877841.000001496D612000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2913394723.000001496C7F3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2880902246.000001496B2E0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2912284563.000001496BE5D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2943458208.000001496BE3F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2989910692.000001496C81D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2937369758.000001496B2BD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2832457155.000001496A2EE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2828071644.0000014969E3C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2924651768.000001496BE7F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2832457155.000001496A2FB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2877297314.000001497277C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2944525812.000001496B2C1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2859059447.000001496D9E1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2958635912.000001496C87E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2975047768.000001496A2DD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2880902246.000001496B2BE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2915011693.000001497277C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 
0000000E.00000003.2912284563.000001496BE7F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2875216629.000001496BE67000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2982588384.00000149725BE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                unknown
                                                                                                                https://account.bellmedia.cfirefox.exe, 0000000E.00000003.3006234349.000001496D8FA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2983277679.000001496D8FA000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                • URL Reputation: safe
                                                                                                                unknown
                                                                                                                https://login.microsoftonline.comfirefox.exe, 0000000E.00000003.3006234349.000001496D8FA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2983277679.000001496D8FA000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                • URL Reputation: safe
                                                                                                                unknown
                                                                                                                https://coverage.mozilla.orgfirefox.exe, 00000010.00000002.4040956072.00000245FA860000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.4044014100.0000029E60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.4042717129.000001A787700000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                • URL Reputation: safe
                                                                                                                unknown
                                                                                                                http://crl.thawte.com/ThawteTimestampingCA.crl0gmpopenh264.dll.tmp.14.drfalse
                                                                                                                • URL Reputation: safe
                                                                                                                unknown
                                                                                                                https://infra.spec.whatwg.org/#ascii-whitespacefirefox.exe, 0000000E.00000003.3026282661.000001496A645000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2927329585.000001496A636000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2938184410.000001496A640000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                • URL Reputation: safe
                                                                                                                unknown
                                                                                                                https://blocked.cdn.mozilla.net/firefox.exe, 00000010.00000002.4040956072.00000245FA860000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.4044014100.0000029E60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.4042717129.000001A787700000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                • URL Reputation: safe
                                                                                                                unknown
                                                                                                                https://developer.mozilla.org/en-US/docs/Glossary/speculative_parsingDocumentWriteIgnoredfirefox.exe, 0000000E.00000003.3005724589.0000014972581000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2998284005.0000014972576000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                • URL Reputation: safe
                                                                                                                unknown
                                                                                                                http://developer.mozilla.org/en/docs/DOM:element.addEventListenerfirefox.exe, 0000000E.00000003.3005724589.0000014972581000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2998284005.0000014972576000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                • URL Reputation: safe
                                                                                                                unknown
                                                                                                                https://profiler.firefox.comfirefox.exe, 00000010.00000002.4040956072.00000245FA860000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.4044014100.0000029E60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.4042717129.000001A787700000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                • URL Reputation: safe
                                                                                                                unknown
                                                                                                                https://outlook.live.com/default.aspx?rru=compose&to=%sfirefox.exe, 0000000E.00000003.2828099610.0000014969633000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                • URL Reputation: safe
                                                                                                                unknown
                                                                                                                https://bugzilla.mozilla.org/show_bug.cgi?id=793869firefox.exe, 0000000E.00000003.2876533564.000001496B322000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                • URL Reputation: safe
                                                                                                                unknown
                                                                                                                https://mozilla.cloudflare-dns.com/dns-queryfirefox.exe, 00000010.00000002.4040956072.00000245FA860000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.4044014100.0000029E60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.4042717129.000001A787700000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                • URL Reputation: safe
                                                                                                                unknown
                                                                                                                https://support.mozilla.org/kb/refresh-firefox-reset-add-ons-and-settings2firefox.exe, 0000000E.00000003.2983507951.000001496D63C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2955578111.000001496D63C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.3021972551.000001496D659000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.3007626708.000001496D659000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                • URL Reputation: safe
                                                                                                                unknown
                                                                                                                https://bugzilla.mozilla.org/show_bug.cgi?id=1678448firefox.exe, 0000000E.00000003.2876604197.000001496B341000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2876533564.000001496B322000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2869793101.000001496B55D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                • URL Reputation: safe
                                                                                                                unknown
                                                                                                                https://mail.yahoo.co.jp/compose/?To=%sfirefox.exe, 0000000E.00000003.2949084602.0000014965F7D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2828099610.0000014969633000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  unknown
                                                                                                                  https://contile.services.mozilla.com/v1/tilesfirefox.exe, 0000000E.00000003.2954641324.000001497264D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.4040956072.00000245FA860000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.4044014100.0000029E60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.4042717129.000001A787700000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                  • URL Reputation: safe
                                                                                                                  unknown
                                                                                                                  https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/firefox.exe, 0000000E.00000003.2995606150.0000014975CF3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  • URL Reputation: safe
                                                                                                                  unknown
                                                                                                                  https://monitor.firefox.com/user/preferencesfirefox.exe, 00000010.00000002.4040956072.00000245FA860000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.4044014100.0000029E60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.4042717129.000001A787700000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                  • URL Reputation: safe
                                                                                                                  unknown
                                                                                                                  https://screenshots.firefox.com/firefox.exe, 0000000E.00000003.2826540206.0000014969E57000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  • URL Reputation: safe
                                                                                                                  unknown
                                                                                                                  https://www.google.com/searchfirefox.exe, 0000000E.00000003.2914711307.000001496C6FD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2826379894.0000014969E3A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2826212603.0000014969E1E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2850793474.000001496B6E3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2826080735.0000014969C00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2826713373.0000014969E73000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2826540206.0000014969E57000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    unknown
                                                                                                                    https://gpuweb.github.io/gpuweb/firefox.exe, 0000000E.00000003.2850536867.00000149725B0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    • URL Reputation: safe
                                                                                                                    unknown
                                                                                                                    https://relay.firefox.com/api/v1/firefox.exe, 00000010.00000002.4040956072.00000245FA860000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.4044014100.0000029E60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.4042717129.000001A787700000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                      unknown
                                                                                                                      https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/tracking-content-reportfirefox.exe, 00000010.00000002.4040956072.00000245FA860000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.4044014100.0000029E60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.4042717129.000001A787700000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                      • URL Reputation: safe
                                                                                                                      unknown
                                                                                                                      https://topsites.services.mozilla.com/cid/firefox.exe, 00000010.00000002.4040956072.00000245FA860000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.4044014100.0000029E60220000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.4042717129.000001A787700000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                        unknown
IP | Domain | Country | ASN | ASN Name | Malicious
142.250.185.78 | youtube.com | United States | 15169 | GOOGLEUS | false
34.149.100.209 | prod.remote-settings.prod.webservices.mozgcp.net | United States | 2686 | ATGS-MMD-ASUS | false
34.107.243.93 | push.services.mozilla.com | United States | 15169 | GOOGLEUS | false
34.107.221.82 | prod.detectportal.prod.cloudops.mozgcp.net | United States | 15169 | GOOGLEUS | false
35.244.181.201 | prod.balrog.prod.cloudops.mozgcp.net | United States | 15169 | GOOGLEUS | false
34.117.188.166 | contile.services.mozilla.com | United States | 139070 | GOOGLE-AS-APGoogleAsiaPacificPteLtdSG | false
142.250.115.139 | unknown | United States | 15169 | GOOGLEUS | false
52.222.236.120 | services.addons.mozilla.org | United States | 16509 | AMAZON-02US | false
35.201.103.21 | normandy-cdn.services.mozilla.com | United States | 15169 | GOOGLEUS | false
35.190.72.216 | prod.classify-client.prod.webservices.mozgcp.net | United States | 15169 | GOOGLEUS | false
34.160.144.191 | prod.content-signature-chains.prod.webservices.mozgcp.net | United States | 2686 | ATGS-MMD-ASUS | false
34.120.208.123 | telemetry-incoming.r53-2.services.mozilla.com | United States | 15169 | GOOGLEUS | false
                                                                                                                                  IP
                                                                                                                                  127.0.0.1
                                                                                                                                  Joe Sandbox version:41.0.0 Charoite
                                                                                                                                  Analysis ID:1538503
                                                                                                                                  Start date and time:2024-10-21 13:08:39 +02:00
                                                                                                                                  Joe Sandbox product:CloudBasic
                                                                                                                                  Overall analysis duration:0h 8m 23s
                                                                                                                                  Hypervisor based Inspection enabled:false
                                                                                                                                  Report type:full
                                                                                                                                  Cookbook file name:default.jbs
                                                                                                                                  Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                  Number of analysed new started processes analysed:21
                                                                                                                                  Number of new started drivers analysed:0
                                                                                                                                  Number of existing processes analysed:0
                                                                                                                                  Number of existing drivers analysed:0
                                                                                                                                  Number of injected processes analysed:0
                                                                                                                                  Technologies:
                                                                                                                                  • HCA enabled
                                                                                                                                  • EGA enabled
                                                                                                                                  • AMSI enabled
                                                                                                                                  Analysis Mode:default
                                                                                                                                  Analysis stop reason:Timeout
                                                                                                                                  Sample name:file.exe
                                                                                                                                  Detection:MAL
                                                                                                                                  Classification:mal72.troj.evad.winEXE@34/34@69/13
                                                                                                                                  EGA Information:
                                                                                                                                  • Successful, ratio: 40%
                                                                                                                                  HCA Information:
                                                                                                                                  • Successful, ratio: 94%
                                                                                                                                  • Number of executed functions: 40
                                                                                                                                  • Number of non-executed functions: 311
                                                                                                                                  Cookbook Comments:
                                                                                                                                  • Found application associated with file extension: .exe
                                                                                                                                  • Exclude process from analysis (whitelisted): dllhost.exe, svchost.exe
                                                                                                                                  • Excluded IPs from analysis (whitelisted): 34.208.54.237, 52.26.161.5, 52.25.49.43, 2.22.61.56, 2.22.61.59, 142.250.181.238, 142.250.185.174, 172.217.18.10, 142.250.185.74
                                                                                                                                  • Excluded domains from analysis (whitelisted): fs.microsoft.com, shavar.prod.mozaws.net, ciscobinary.openh264.org, slscr.update.microsoft.com, otelrules.azureedge.net, incoming.telemetry.mozilla.org, ctldl.windowsupdate.com, a17.rackcdn.com.mdc.edgesuite.net, detectportal.prod.mozaws.net, aus5.mozilla.org, fe3cr.delivery.mp.microsoft.com, a19.dscg10.akamai.net, ocsp.digicert.com, redirector.gvt1.com, safebrowsing.googleapis.com, location.services.mozilla.com
                                                                                                                                  • Execution Graph export aborted for target firefox.exe, PID 280 because there are no executed function
                                                                                                                                  • Not all processes where analyzed, report is missing behavior information
                                                                                                                                  • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                  • Report size getting too big, too many NtCreateFile calls found.
                                                                                                                                  • Report size getting too big, too many NtOpenFile calls found.
                                                                                                                                  • VT rate limit hit for: file.exe
Time | Type | Description
07:10:49 | API Interceptor | 1x Sleep call for process: firefox.exe modified
                                                                                                                                                                                                                  SecuriteInfo.com.W32.PossibleThreat.17916.5400.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                  • 52.222.236.120
                                                                                                                                                                                                                  file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                                                                                                                                                                                  • 52.222.236.23
                                                                                                                                                                                                                  file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                                                                                                                                                                                  • 52.222.236.80
                                                                                                                                                                                                                  file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                                                                                                                                                                                  • 52.222.236.23
                                                                                                                                                                                                                  file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                                                                                                                                                                                  • 52.222.236.48
                                                                                                                                                                                                                  file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                                                                                                                                                                                  • 52.222.236.48
                                                                                                                                                                                                                  file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                  • 52.222.236.120
                                                                                                                                                                                                                  file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                  • 52.222.236.120
                                                                                                                                                                                                                  WinFIG.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                  • 52.222.236.120
                                                                                                                                                                                                                  star-mini.c10r.facebook.comhttps://www.childkorea.or.kr/bbs/link.html?code=alarm&number=3064&url=https://form.jotform.com/242923371946059Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                  • 157.240.252.35
                                                                                                                                                                                                                  SecuriteInfo.com.W32.PossibleThreat.17916.5400.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                  • 157.240.251.35
                                                                                                                                                                                                                  SecuriteInfo.com.W32.PossibleThreat.17916.5400.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                  • 157.240.0.35
                                                                                                                                                                                                                  file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                                                                                                                                                                                  • 157.240.0.35
                                                                                                                                                                                                                  file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                                                                                                                                                                                  • 157.240.0.35
                                                                                                                                                                                                                  https://cambridge.pl/testy-poziomujaceGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                  • 157.240.251.35
                                                                                                                                                                                                                  file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                                                                                                                                                                                  • 157.240.252.35
                                                                                                                                                                                                                  https://app.creatopy.com/share/d/qvnqyxdo8o7mGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                  • 157.240.0.35
                                                                                                                                                                                                                  file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                                                                                                                                                                                  • 157.240.0.35
                                                                                                                                                                                                                  file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                                                                                                                                                                                  • 157.240.0.35
                                                                                                                                                                                                                  twitter.comSecuriteInfo.com.W32.PossibleThreat.17916.5400.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                  • 104.244.42.193
                                                                                                                                                                                                                  SecuriteInfo.com.W32.PossibleThreat.17916.5400.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                  • 104.244.42.1
                                                                                                                                                                                                                  file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                                                                                                                                                                                  • 104.244.42.1
                                                                                                                                                                                                                  file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                                                                                                                                                                                  • 104.244.42.1
                                                                                                                                                                                                                  file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                                                                                                                                                                                  • 104.244.42.1
                                                                                                                                                                                                                  file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                                                                                                                                                                                  • 104.244.42.129
                                                                                                                                                                                                                  file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                                                                                                                                                                                  • 104.244.42.65
                                                                                                                                                                                                                  file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                  • 104.244.42.129
                                                                                                                                                                                                                  file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                  • 104.244.42.193
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                                                                  file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                                                                                                                                                                                  • 34.160.144.191
                                                                                                                                                                                                                  bin.i686.elfGet hashmaliciousGafgyt, MiraiBrowse
                                                                                                                                                                                                                  • 34.62.93.218
                                                                                                                                                                                                                  file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                                                                                                                                                                                  • 34.160.144.191
                                                                                                                                                                                                                  https://app.creatopy.com/share/d/qvnqyxdo8o7mGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                  • 34.128.128.0
                                                                                                                                                                                                                  file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                                                                                                                                                                                  • 34.160.144.191
                                                                                                                                                                                                                  bin.armv7l.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                  • 57.41.103.191
                                                                                                                                                                                                                  file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                                                                                                                                                                                  • 34.160.144.191
Match | Associated Sample Name / URL | Detection | Threat Name | Context
fb0aa01abe9d8e4037eb3473ca6e2dca
SecuriteInfo.com.W32.PossibleThreat.17916.5400.exe | malicious | Unknown
• 35.244.181.201
• 142.250.115.139
• 52.222.236.120
• 34.149.100.209
• 34.160.144.191
• 34.120.208.123
SecuriteInfo.com.W32.PossibleThreat.17916.5400.exe | malicious | Unknown
file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc
file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc
file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc
file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc
file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc
file.exe | malicious | Credential Flusher
file.exe | malicious | Credential Flusher
WinFIG.exe | malicious | LummaC
Match | Associated Sample Name / URL | Detection | Threat Name | Context
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\13pckee1.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)
SecuriteInfo.com.W32.PossibleThreat.17916.5400.exe | malicious | Unknown
SecuriteInfo.com.W32.PossibleThreat.17916.5400.exe | malicious | Unknown
file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc
file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc
file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc
file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc
file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc
file.exe | malicious | Credential Flusher
file.exe | malicious | Credential Flusher
WinFIG.exe | malicious | LummaC
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\13pckee1.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp
SecuriteInfo.com.W32.PossibleThreat.17916.5400.exe | malicious | Unknown
SecuriteInfo.com.W32.PossibleThreat.17916.5400.exe | malicious | Unknown
file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc
file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc
file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc
file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc
file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc
file.exe | malicious | Credential Flusher
file.exe | malicious | Credential Flusher
WinFIG.exe | malicious | LummaC
Process: C:\Program Files\Mozilla Firefox\firefox.exe
File Type: JSON data
Category: dropped
Size (bytes): 7813
Entropy (8bit): 5.181228725896766
Encrypted: false
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Preview:{"type":"uninstall","id":"011f9403-d033-488b-8d5e-393d0defebb5","creationDate":"2024-10-21T12:45:09.240Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"otherInstalls":0},"clientId":"6dd3f0ba-94ca-4039-a9cb-c28787d8846c","environment":{"build":{"applicationId":"{ec8030f7-c20a-464f-9b0e-13a3a9e97384}","applicationName":"Firefox","architecture":"x86-64","buildId":"20230927232528","version":"118.0.1","vendor":"Mozilla","displayVersion":"118.0.1","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","updaterAvailable":true},"partner":{"distributionId":null,"distributionVersion":null,"partnerId":null,"distributor":null,"distributorChannel":null,"partnerNames":[]},"system":{"memoryMB":8191,"virtualMaxMB":134217728,"cpu":{"isWindowsSMode":false,"count":4,"cores":2,"vendor":"GenuineIntel","name":"I
                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                          File Type:ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):32768
                                                                                                                                                                                                                                                          Entropy (8bit):0.4593089050301797
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:48:9SP0nUgwyZXYI65yFRX2D3GNTTfyn0Mk1iA:9SDKaIjo3UzyE1L
                                                                                                                                                                                                                                                          MD5:D910AD167F0217587501FDCDB33CC544
                                                                                                                                                                                                                                                          SHA1:2F57441CEFDC781011B53C1C5D29AC54835AFC1D
                                                                                                                                                                                                                                                          SHA-256:E3699D9404A3FFC1AFF0CA8A3972DC0EF38BDAB927741E9F627C7C55CEA42E81
                                                                                                                                                                                                                                                          SHA-512:F1871BF28FF25EE52BDB99C7A80AB715C7CAC164DCD2FD87E681168EE927FD2C5E80E03C91BB638D955A4627213BF575FF4D9EECAEDA7718C128CF2CE8F7CB3D
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Preview:... ftypisom....isomiso2avc1mp41....free....mdat..........E...H..,. .#..x264 - core 152 r2851 ba24899 - H.264/MPEG-4 AVC codec - Copyleft 2003-2017 - http://www.videolan.org/x264.html - options: cabac=1 ref=3 deblock=1:0:0 analyse=0x3:0x113 me=hex subme=7 psy=1 psy_rd=1.00:0.00 mixed_ref=1 me_range=16 chroma_me=1 trellis=1 8x8dct=1 cqm=0 deadzone=21,11 fast_pskip=1 chroma_qp_offset=-2 threads=4 lookahead_threads=1 sliced_threads=0 nr=0 decimate=1 interlaced=0 bluray_compat=0 constrained_intra=0 bframes=3 b_pyramid=2 b_adapt=1 b_bias=0 direct=1 weightb=1 open_gop=0 weightp=2 keyint=250 keyint_min=25 scenecut=40 intra_refresh=0 rc_lookahead=40 rc=crf mbtree=1 crf=23.0 qcomp=0.60 qpmin=0 qpmax=69 qpstep=4 ip_ratio=1.40 aq=1:1.00......e...+...s|.kG3...'.u.."...,J.w.~.d\..(K....!.+..;....h....(.T.*...M......0..~L..8..B..A.y..R..,.zBP.';j.@.].w..........c......C=.'f....gI.$^.......m5V.L...{U..%V[....8......B..i..^,....:...,..5.m.%dA....moov...lmvhd...................(...........
                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                          File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):453023
                                                                                                                                                                                                                                                          Entropy (8bit):7.997718157581587
                                                                                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                                                                                          SSDEEP:12288:tESTeqTI2r4ZbCgUKWKNeRcPMb6qlV7hVZe3:tEsed2Xh9/bdzZe3
                                                                                                                                                                                                                                                          MD5:85430BAED3398695717B0263807CF97C
                                                                                                                                                                                                                                                          SHA1:FFFBEE923CEA216F50FCE5D54219A188A5100F41
                                                                                                                                                                                                                                                          SHA-256:A9F4281F82B3579581C389E8583DC9F477C7FD0E20C9DFC91A2E611E21E3407E
                                                                                                                                                                                                                                                          SHA-512:06511F1F6C6D44D076B3C593528C26A602348D9C41689DBF5FF716B671C3CA5756B12CB2E5869F836DEDCE27B1A5CFE79B93C707FD01F8E84B620923BB61B5F1
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Preview:PK.........bN...R..........gmpopenh264.dll..|.E.0.=..I.....1....4f1q.`.........q.....'+....h*m{.z..o_.{w........$..($A!...|L...B&A2.s.{..Dd......c.U.U..9u.S...K.l`...../.d.-....|.....&....9......wn..x......i.#O.+.Y.l......+....,3.3f..\..c.SSS,............N...GG...F.'.&.:'.K.Z&.>.@.g..M...M.`...*.........ZR....^jg.G.Kb.o~va.....<Z..1.#.O.e.....D..X..i..$imBW..Q&.......P.....,M.,..:.c...-...\......*.....-i.K.I..4.a..6..*...Ov=...W..F.CH.>...a.'.x...#@f...d..u.1....OV.1o}....g.5.._.3.J.Hi.Z.ipM....b.Z....%.G..F................/..3.q..J.....o...%.g.N.*.}..).3.N%.!..q*........^I.m..~...6.#.~+.....A...I]r...x..*.<IYj....p0..`S.M@.E..f.=.;!.@.....E..E....... .0.n....Jd..d......uM.-.qI.lR..z..=}..r.D.XLZ....x.$..|c.1.cUkM.&.Qn]..a]t.h..*.!.6 7..Jd.DvKJ"Wgd*%n...w...Jni.inmr.@M.$'Z.s....#)%..Rs..:.h....R....\..t.6..'.g.........Uj+F.cr:|..!..K.W.Y...17......,....r.....>.N..3.R.Y.._\...Ir.DNJdM... .k...&V-....z.%...-...D..i..&...6....7.2T).>..0..%.&.
                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):3621
                                                                                                                                                                                                                                                          Entropy (8bit):4.925124977244294
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:48:YnSwkmrOyPUFCOdwNIOdoWLEWLtkDNu2x5FBvipA6kbDthnLuhakNo49lxelMeaI:8S+OyPUFCOdwNIOdujvYOhL74/8P
                                                                                                                                                                                                                                                          MD5:132E3E0D59DD5BCA61793C401587059A
                                                                                                                                                                                                                                                          SHA1:7D93B6B9C7CC32B1EB06E046FFF231A1942999E3
                                                                                                                                                                                                                                                          SHA-256:07C4B1B09C1E0BFDCB6B94B54D604E539D01E2A92FAC1D1C8DC850980321DED2
                                                                                                                                                                                                                                                          SHA-512:5A13FA66877704FCD8D6D7195936FF05EE3874067899A1125272276B3E058E6ED5C6E97E1D0B2063FD78B3A5B00F4F056FEEA6306BA0CE9B29C93203D0514337
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Preview:{"csv-import-release-rollout":{"slug":"csv-import-release-rollout","branch":{"slug":"enable-csv-import","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pre-95-support"},"features":[{"value":{"csvImport":true},"enabled":true,"featureId":"cm-csv-import"}]},"active":true,"enrollmentId":"96f9e63d-73a3-4fe1-9f2d-ebafbeb66ddb","experimentType":"rollout","source":"rs-loader","userFacingName":"CSV Import (Release Rollout)","userFacingDescription":"This rollout enables users to import logins from a CSV file from the about:logins page.","lastSeen":"2023-10-05T12:06:51.636Z","featureIds":["cm-csv-import"],"prefs":[{"name":"signon.management.page.fileImport.enabled","branch":"default","featureId":"cm-csv-import","variable":"csvImport","originalValue":false}],"isRollout":true},"serp-ad-telemetry-rollout":{"slug":"serp-ad-telemetry-rollout","branch":{"slug":"control","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pr
                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                          File Type:Mozilla lz4 compressed data, originally 23432 bytes
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):5321
                                                                                                                                                                                                                                                          Entropy (8bit):6.617479871065904
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:96:V2YbKsKNU2xWrp327tGmD4wBON6h6cHaJVJuZMd0JGkkrw2YZ:VTx2x2t0FDJ4NpwZMd0EJwp
                                                                                                                                                                                                                                                          MD5:744AA9D00066B07B9D22ECD59451E988
                                                                                                                                                                                                                                                          SHA1:D91D4325A896528523CEB35E173BB7B3216DBC51
                                                                                                                                                                                                                                                          SHA-256:96DCBFD6F25B1FAE5ED93E857E574A70C40C2A1FDB4417EA619F21FD0E75A51C
                                                                                                                                                                                                                                                          SHA-512:702728C9024E7BD602C720C0BED1CFB53ECD07AA41DC7E2D36BA99A73B7B951738D24A00C23582EB768B94A29C62B2A8428016D8081F194599C93D0533B99CF9
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Preview:mozLz40..[....{"app-system-defaults":{"addon....formautofill@mozilla.org&..Gdependencies":[],"enabled":true,"lastModifiedTime":1695865283000,"loader":null,"path":s.....xpi","recommendationStateA...rootURI":"jar:file:///C:/Program%20Files/M.......refox/browser/features/...... !/...unInSafeMode..wsignedD...telemetryKey..7%40R...:1.0.1","version":"..`},"pic..#in.....T.n..w...........S.......(.[......0....0"},"screenshots..T.r.....[.......(.V....-39.......},"webcompat-reporter...Ofals..&.z.....[.......(.]....=1.5.............<.)....p....d......1.z.!18...5.....startupData...pX.astentL..!er...webRequest%..onBefore...[[{"incognitoi.UtabId..!yp...."main_frame"],"url...."*://login.microsoftonline.com/*","..@us/*L.dwindows...},["blocking"]],...Iimag...https://smartT.".f.....etp/facebook.svg",...Aplay*....8`script...P.....-....-testbed.herokuapp\.`shims_..3.jsh.bexampl|.......Pexten{..Q../?..s...S.J/_2..@&_3U..s7.addthis . ic...officialK......-angularjs/current/dist(..t.min.js...track.adB...net/s
                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):24
                                                                                                                                                                                                                                                          Entropy (8bit):3.91829583405449
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:3:YWGifTJE6iHQ:YWGif9EE
                                                                                                                                                                                                                                                          MD5:3088F0272D29FAA42ED452C5E8120B08
                                                                                                                                                                                                                                                          SHA1:C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23
                                                                                                                                                                                                                                                          SHA-256:D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
                                                                                                                                                                                                                                                          SHA-512:B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Preview:{"schema":6,"addons":[]}
                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, user version 5, last written using SQLite version 3042000, page size 32768, file counter 4, database pages 8, cookie 0x6, schema 4, largest root page 8, UTF-8, vacuum mode 1, version-valid-for 4
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):262144
                                                                                                                                                                                                                                                          Entropy (8bit):0.04905141882491872
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:24:DLSvwae+Q8Uu50xj0aWe9LxYkKA25Q5tvAA:DKwae+QtMImelekKDa5
                                                                                                                                                                                                                                                          MD5:8736A542C5564A922C47B19D9CC5E0F2
                                                                                                                                                                                                                                                          SHA1:CE9D58967DA9B5356D6C1D8A482F9CE74DA9097A
                                                                                                                                                                                                                                                          SHA-256:97CE5D8AFBB0AA610219C4FAC3927E32C91BFFD9FD971AF68C718E7B27E40077
                                                                                                                                                                                                                                                          SHA-512:99777325893DC7A95FD49B2DA18D32D65F97CC7A8E482D78EDC32F63245457FA5A52750800C074D552D20B6A215604161FDC88763D93C76A8703470C3064196B
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                          File Type:Mozilla lz4 compressed data, originally 56 bytes
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):66
                                                                                                                                                                                                                                                          Entropy (8bit):4.837595020998689
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt
                                                                                                                                                                                                                                                          MD5:A6338865EB252D0EF8FCF11FA9AF3F0D
                                                                                                                                                                                                                                                          SHA1:CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
                                                                                                                                                                                                                                                          SHA-256:078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
                                                                                                                                                                                                                                                          SHA-512:D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Preview:mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}
                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):36830
                                                                                                                                                                                                                                                          Entropy (8bit):5.184646348913515
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:768:vI4xvfgX84x684dc48z4W4Mhv84F484ti4N4RR4g4T:vfav84+
                                                                                                                                                                                                                                                          MD5:E92CC7529FCB9DF0DAEDE17959565616
                                                                                                                                                                                                                                                          SHA1:1CC88BFC5BD5A8C584887B567C077072A0D70C59
                                                                                                                                                                                                                                                          SHA-256:877E4A12A4FA2C78829F74C79C6FDF6634DA216EE21D27F3CF5CF90E4AFB78B3
                                                                                                                                                                                                                                                          SHA-512:BEE2ABAF3C91069023C126D7FB51D4FC04AE71797567EDF4CE3966983534523F2FEAA1F088375AC96A7FCF5617D18A92903EB24502C6130BB8C8901B39957A0D
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Preview:{"schemaVersion":35,"addons":[{"id":"formautofill@mozilla.org","syncGUID":"{6d7fe281-4a57-4bbd-9d17-7dd4e1e4245a}","version":"1.0.1","type":"extension","loader":null,"updateURL":null,"installOrigins":null,"manifestVersion":2,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Form Autofill","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"embedderDisabled":false,"installDate":1695865283000,"updateDate":1695865283000,"applyBackgroundUpdates":1,"path":"C:\\Program Files\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi","skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"signedDate":null,"seen":true,"dependencies":[],"incognito":"
                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):32768
                                                                                                                                                                                                                                                          Entropy (8bit):0.017262956703125623
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                                                                                                                                                                                                          MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                                                                                                                                                                                                          SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                                                                                                                                                                                                          SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                                                                                                                                                                                                          SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Preview:..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):1021904
                                                                                                                                                                                                                                                          Entropy (8bit):6.648417932394748
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:12288:vYLdTfFKbNSjv92eFN+3wH+NYriA0Iq6lh6VawYIpAvwHN/Uf1h47HAfg1oet:vYLdTZ923NYrjwNpgwef1hzfg1x
                                                                                                                                                                                                                                                          MD5:FE3355639648C417E8307C6D051E3E37
                                                                                                                                                                                                                                                          SHA1:F54602D4B4778DA21BC97C7238FC66AA68C8EE34
                                                                                                                                                                                                                                                          SHA-256:1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E
                                                                                                                                                                                                                                                          SHA-512:8F4030BB2464B98ECCBEA6F06EB186D7216932702D94F6B84C56419E9CF65A18309711AB342D1513BF85AED402BC3535A70DB4395874828F0D35C278DD2EAC9C
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                          Joe Sandbox View:
                                                                                                                                                                                                                                                          • Filename: SecuriteInfo.com.W32.PossibleThreat.17916.5400.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                          • Filename: SecuriteInfo.com.W32.PossibleThreat.17916.5400.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                          • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                          • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                          • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                          • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                          • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                          • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                          • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                          • Filename: WinFIG.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......NH...)...)...)..eM...)..eM...)..eM..)..eM...)...)..i)..XA...)..XA..;)..XA...)...)..g)..cA...)..cA...)..Rich.)..........PE..d....z\.........." .....t................................................................`.........................................P...,...|...(............P...H...z.................T...........................0...................p............................text...$s.......t.................. ..`.rdata...~...........x..............@..@.data....3..........................@....pdata...H...P...J..................@..@.rodata..............^..............@..@.reloc...............j..............@..B........................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):116
                                                                                                                                                                                                                                                          Entropy (8bit):4.968220104601006
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:3:C3OuN9RAM7VDXcEzq+rEakOvTMBv+FdBAIABv+FEn:0BDUmHlvAWeWEn
                                                                                                                                                                                                                                                          MD5:3D33CDC0B3D281E67DD52E14435DD04F
                                                                                                                                                                                                                                                          SHA1:4DB88689282FD4F9E9E6AB95FCBB23DF6E6485DB
                                                                                                                                                                                                                                                          SHA-256:F526E9F98841D987606EFEAFF7F3E017BA9FD516C4BE83890C7F9A093EA4C47B
                                                                                                                                                                                                                                                          SHA-512:A4A96743332CC8EF0F86BC2E6122618BFC75ED46781DADBAC9E580CD73DF89E74738638A2CCCB4CAA4CBBF393D771D7F2C73F825737CDB247362450A0D4A4BC1
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Preview:Name: gmpopenh264.Description: GMP Plugin for OpenH264..Version: 1.8.1.APIs: encode-video[h264], decode-video[h264].
                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, file counter 4, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):98304
                                                                                                                                                                                                                                                          Entropy (8bit):0.07338695179673393
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:12:DBl/A0OWla0mwPxRymgObsCVR45wcYR4fmnsCVR4zkiKl:DLhesh7Owd4+jiKl
                                                                                                                                                                                                                                                          MD5:231F08CB87397B87BA6243A3478A9FA1
                                                                                                                                                                                                                                                          SHA1:622EFE90D7246F7D4AE25468EF1DB75EEA233585
                                                                                                                                                                                                                                                          SHA-256:EF8BC1669045AD02ED4E004A5D8716B90868490942875445AD294F596958E175
                                                                                                                                                                                                                                                          SHA-512:33787DC8FCAEADB798EAB587F58AB834E5A69AD6D2E5F1B442F452EAC2CDD5A37A26054640CEA32EAECAB047B92D0221C76FB30666A6CE9096991D5C178E249A
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):32768
                                                                                                                                                                                                                                                          Entropy (8bit):0.035455806264726504
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:3:GtlstFEMo1N1lstFEMo18T89//alEl:GtWtGMUHWtGMUa89XuM
                                                                                                                                                                                                                                                          MD5:258F245A11BB4F4700925B38C535D6DF
                                                                                                                                                                                                                                                          SHA1:2337D01A85117365418B54092156F88FA02361B6
                                                                                                                                                                                                                                                          SHA-256:2AAAF344ADD796B5BBC926D466A3006B08F4240A5F9440164FBD62657D5B2F4B
                                                                                                                                                                                                                                                          SHA-512:DB38BC2DB93D5327E317ADD94F6DF1294B9EF52734EFBDCC246617BB0C94811A6DCD228B96F94BC88EC68329CE2A95BFF7A29009F771CF744F9EBA59B99207A1
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                          File Type:SQLite Write-Ahead Log, version 3007000
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):32824
                                                                                                                                                                                                                                                          Entropy (8bit):0.03697522243361166
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:3:Ol1Kp9/y3SZ49FjN8aEJ/Nmhml8XW3R2:KEpAP9FA/Ehm93w
                                                                                                                                                                                                                                                          MD5:C8EF5BE9C4336DD352BB10D2F4023F5A
                                                                                                                                                                                                                                                          SHA1:6C57A0AA005E17336F1B5A6BE713018293BCFE62
                                                                                                                                                                                                                                                          SHA-256:A890810B2CD5A97BD4E67787A86D51071875B0B908DE85D22E390CF879A3079A
                                                                                                                                                                                                                                                          SHA-512:19779CF5EEDC3309C256A2A2F12120D1788ED5057080E3696F4A3D11FDAF7B5FE6FB332BC21934E6E43889EA50342961049206ED34E03B3E20BB01BD8D85904B
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (1769), with CRLF line terminators
                                                                                                                                                                                                                                                          Category:modified
                                                                                                                                                                                                                                                          Size (bytes):13214
                                                                                                                                                                                                                                                          Entropy (8bit):5.479205360142369
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:192:DWHRqVGbQnGeRGGYbBp6AbUAaX/6hlDbHyt0uN0C5RIGNBw8dYwSl:u8ePbU8hWtTfww0
                                                                                                                                                                                                                                                          MD5:A82B9A8ED5F0218A25392D5605174C67
                                                                                                                                                                                                                                                          SHA1:FB97843AD87CB404B4580F536DC142750E7F52FF
                                                                                                                                                                                                                                                          SHA-256:E7BE6F35BD0D7B007AF2157EE1034A3D93605C655CFB121C93D38143DE0BD935
                                                                                                                                                                                                                                                          SHA-512:4605A7C0AE4B5D9626DDF7F03708E1BF666B467DDA2121F4E726853E5551C4C24CBBC3717B7375C6BB1DDF80655A209C30DF172B6B6B25786BCAD8498D71057F
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "b6903dd2-9e5d-4efa-9f75-ceae7eb5377a");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 2);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1729514679);..user_pref("app.update.lastUpdateTime.background-update-timer", 1729514679);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1729514679);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 172951
                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (1769), with CRLF line terminators
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):13214
                                                                                                                                                                                                                                                          Entropy (8bit):5.479205360142369
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:192:DWHRqVGbQnGeRGGYbBp6AbUAaX/6hlDbHyt0uN0C5RIGNBw8dYwSl:u8ePbU8hWtTfww0
                                                                                                                                                                                                                                                          MD5:A82B9A8ED5F0218A25392D5605174C67
                                                                                                                                                                                                                                                          SHA1:FB97843AD87CB404B4580F536DC142750E7F52FF
                                                                                                                                                                                                                                                          SHA-256:E7BE6F35BD0D7B007AF2157EE1034A3D93605C655CFB121C93D38143DE0BD935
                                                                                                                                                                                                                                                          SHA-512:4605A7C0AE4B5D9626DDF7F03708E1BF666B467DDA2121F4E726853E5551C4C24CBBC3717B7375C6BB1DDF80655A209C30DF172B6B6B25786BCAD8498D71057F
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "b6903dd2-9e5d-4efa-9f75-ceae7eb5377a");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 2);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1729514679);..user_pref("app.update.lastUpdateTime.background-update-timer", 1729514679);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1729514679);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 172951
                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, user version 1, last written using SQLite version 3042000, page size 32768, file counter 4, database pages 2, cookie 0x1, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):65536
                                                                                                                                                                                                                                                          Entropy (8bit):0.04062825861060003
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:3:lSGBl/l/zl9l/AltllPltlnKollzvulJOlzALRWemFxu7TuRjBFbrl58lcV+wgn8:ltBl/lqN1K4BEJYqWvLue3FMOrMZ0l
                                                                                                                                                                                                                                                          MD5:60C09456D6362C6FBED48C69AA342C3C
                                                                                                                                                                                                                                                          SHA1:58B6E22DAA48C75958B429F662DEC1C011AE74D3
                                                                                                                                                                                                                                                          SHA-256:FE1A432A2CD096B7EEA870D46D07F5197E34B4D10666E6E1C357FAA3F2FE2389
                                                                                                                                                                                                                                                          SHA-512:936DBC887276EF07732783B50EAFE450A8598B0492B8F6C838B337EF3E8A6EA595E7C7A2FA4B3E881887FAAE2D207B953A4C65ED8C964D93118E00D3E03882BD
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):90
                                                                                                                                                                                                                                                          Entropy (8bit):4.194538242412464
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:3:YVXKQJAyiVLQwJtJDBA+AJ2LKZXJ3YFwHY:Y9KQOy6Lb1BA+m2L69Yr
                                                                                                                                                                                                                                                          MD5:C4AB2EE59CA41B6D6A6EA911F35BDC00
                                                                                                                                                                                                                                                          SHA1:5942CD6505FC8A9DABA403B082067E1CDEFDFBC4
                                                                                                                                                                                                                                                          SHA-256:00AD9799527C3FD21F3A85012565EAE817490F3E0D417413BF9567BB5909F6A2
                                                                                                                                                                                                                                                          SHA-512:71EA16900479E6AF161E0AAD08C8D1E9DED5868A8D848E7647272F3002E2F2013E16382B677ABE3C6F17792A26293B9E27EC78E16F00BD24BA3D21072BD1CAE2
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Preview:{"profile-after-change":true,"final-ui-startup":true,"sessionstore-windows-restored":true}
                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                          File Type:Mozilla lz4 compressed data, originally 5861 bytes
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):1573
                                                                                                                                                                                                                                                          Entropy (8bit):6.341673873269234
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:24:v+USUGlcAxS6f0edLXnIgz/pnxQwRlszT5sKU+3eHVwfVLeTTiamhujJRsJOGD6F:GUpOxd8E1nR6B3eAkTTi4JROBDFO
                                                                                                                                                                                                                                                          MD5:1E5C3DAF8F0EBDCE5571DC7FAC016A05
                                                                                                                                                                                                                                                          SHA1:A18896F5BDEC89F44092A9BF1E2D78E951F73061
                                                                                                                                                                                                                                                          SHA-256:B9AE45AE4C1B71610E5B9DE55E2D419290973310C81757595A084D0FF6154B1D
                                                                                                                                                                                                                                                          SHA-512:0EFCD5C75B2AC40081362FE61B774F7FE91E0D3CC2920FBAEEBC03C98FAA8E2AFACF0057DC2F10D9667D33689EA9FA4106B478EA7DEFBEEE63E5FDA9C4D6FC1B
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Preview:mozLz40.......{"version":["ses....restore",1],"windows":[{"tab..bentrie....url":"https://youtube.com/account?=.....rs.googl%...v3/signin/challenge/pwd","title[.C..cacheKey":0,"ID":6,"docshellUU...D"{8784c08a-e8ff-43fd-814d-e6f05f6846df}","resultPrincipalURI":null,"hasUserInteracte...true,"triggering8.p_base64z..\"3\":{}^...docIdentifier":7,"persistK..+}],"lastAccessed":1729514683297,"hidden":false,"searchMode...userContextId...attribut...{},"index":1...questedI..p0,"imag....chrome://global/skin/icons/warning.svg"..aselect...,"_closedTZ.@],"_...C..`GroupCF..":-1,"busy...t...Flags":2167541758....dth":1164,"height":891,"screenX":4...Y..Aizem..."maximize......BeforeMin...&..workspace9...ed1ab0e0-8ed7-4550-ae40-d5e96f7a5f34","zD..1...Wm..l........j..:....1":{..mUpdate...startTim..P49075...centCrash..B0},".....Dcook.. hoc..."addons.mozilla.org","valu...A7b8c6550c03b9fc1f8cec10ec2235509764ee464f674c3d97d55e4ec4ac5b127","path":"/","na..a"taarI|.Recure...,`.Donly..fexpiry...53457,"originA...."f
                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, user version 131075, last written using SQLite version 3042000, page size 512, file counter 4, database pages 8, cookie 0x4, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):4096
                                                                                                                                                                                                                                                          Entropy (8bit):2.042811512334329
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:24:JBkSldh/cEUcR9PzNFPFHx/GJRBdkOrDcRB1trwDeAq2gRMyxr3:jkSWEUo9LXtR+JdkOnohYsl
                                                                                                                                                                                                                                                          MD5:21235938025E2102017AC8C9748948A4
                                                                                                                                                                                                                                                          SHA1:A1EED1C4588724A8396C95FC9923C0A33B360FF8
                                                                                                                                                                                                                                                          SHA-256:E34B06B180E3F73DC8E441650BB7FE694A9D58E927412D6ED40B0852B784824E
                                                                                                                                                                                                                                                          SHA-512:D334B419A2A75179C17D7F53BF65FCC132ADE03B21059F0007ACDBB08284A281D8CE1C1CC598E6A070024D0DAE158E2E9618E121342BE068E87A051FE33D6061
                                                                                                                                                                                                                                                          Malicious:false
Preview:SQLite format 3......@ ...
                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):4411
                                                                                                                                                                                                                                                          Entropy (8bit):5.0139677749159
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:48:YrSAYBdUQZpExB1+anOnW2Vh6OdsVAWszzcsYMsku7f86SLAVL7+pj5FtsfAcbyk:ycB5TEr5n8mszzcBvbw6KkepHrc2Rn27
                                                                                                                                                                                                                                                          MD5:DCF8EEB4DBA947CAF872B8B5412685B8
                                                                                                                                                                                                                                                          SHA1:4C1168032ADD1BBB6D2EB8BF46D7D70EF4DD5CB6
                                                                                                                                                                                                                                                          SHA-256:AD400577E8D3BFF8F5BAA53F508DB03451740D8CDC83A896CE54A8E30A975A0C
                                                                                                                                                                                                                                                          SHA-512:DE6BBDC81D591B65449F0419A110F534138CF81E105083E35907E5E38ABEB51A8D6E9995061400CFC9A624C47FD15DE0D5C283C160487ECFEA144C8C0FCE6936
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Preview:{"environment":{"locale":"en-US","localeLanguageCode":"en","browserSettings":{"update":{"channel":"release","enabled":true,"autoDownload":true,"background":true}},"attributionData":{"campaign":"%2528not%2Bset%2529","content":"%2528not%2Bset%2529","dlsource":"mozorg","dltoken":"cd09ae95-e2cf-4b8b-8929-791b0dd48cdd","experiment":"%2528not%2Bset%2529","medium":"referral","source":"www.google.com","ua":"chrome","variation":"%2528not%2Bset%2529"},"currentDate":"2024-10-21T12:44:26.674Z","profileAgeCreated":1696507602906,"usesFirefoxSync":false,"isFxAEnabled":true,"isFxASignedIn":false,"sync":{"desktopDevices":0,"mobileDevices":0,"totalDevices":0},"xpinstallEnabled":true,"addonsInfo":{"addons":{"formautofill@mozilla.org":{"version":"1.0.1","type":"extension","isSystem":true,"isWebExtension":true,"name":"Form Autofill","userDisabled":false,"installDate":"2023-09-28T01:41:23.000Z"},"pictureinpicture@mozilla.org":{"version":"1.0.0","type":"extension","isSystem":true,"isWebExtension":true,"name"
                                                                                                                                                                                                                                                          File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                          Entropy (8bit):6.5912688295754585
                                                                                                                                                                                                                                                          TrID:
                                                                                                                                                                                                                                                          • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                                                          • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                                          • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                                                          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                                          File name:file.exe
                                                                                                                                                                                                                                                          File size:922'112 bytes
                                                                                                                                                                                                                                                          MD5:bb04cff8abab3f05ba86bc1a5952a3f6
                                                                                                                                                                                                                                                          SHA1:7c4d94b135a1c55d2aa2dfe096785784a03b294f
                                                                                                                                                                                                                                                          SHA256:8919f21c631289a002bceb7932ddca28d2990acbcf9d5723e208beeefedcaa03
                                                                                                                                                                                                                                                          SHA512:62f4c01089d85cff56da481967a5308aeaba206036d9b895974a0acc0f3a0eacb7f42f51202c4383b83fd133d71d79d35fd258f4ba3c9db07ae4807922b1ddd4
                                                                                                                                                                                                                                                          SSDEEP:12288:eqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgajTB:eqDEvCTbMWu7rQYlBQcBiT6rprG8a3B
                                                                                                                                                                                                                                                          TLSH:F2159E0273D1C062FFAB92334B5AF6515BBC69260123E61F13A81D79BE701B1563E7A3
                                                                                                                                                                                                                                                          File Content Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......................j:......j:..C...j:......@.*...............................n.......~.............{.......{.......{.........z....
                                                                                                                                                                                                                                                          Icon Hash:aaf3e3e3938382a0
                                                                                                                                                                                                                                                          Entrypoint:0x420577
                                                                                                                                                                                                                                                          Entrypoint Section:.text
                                                                                                                                                                                                                                                          Digitally signed:false
                                                                                                                                                                                                                                                          Imagebase:0x400000
                                                                                                                                                                                                                                                          Subsystem:windows gui
                                                                                                                                                                                                                                                          Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                                                                                                                                                                                                                          DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                                          Time Stamp:0x67162B42 [Mon Oct 21 10:21:54 2024 UTC]
                                                                                                                                                                                                                                                          TLS Callbacks:
                                                                                                                                                                                                                                                          CLR (.Net) Version:
                                                                                                                                                                                                                                                          OS Version Major:5
                                                                                                                                                                                                                                                          OS Version Minor:1
                                                                                                                                                                                                                                                          File Version Major:5
                                                                                                                                                                                                                                                          File Version Minor:1
                                                                                                                                                                                                                                                          Subsystem Version Major:5
                                                                                                                                                                                                                                                          Subsystem Version Minor:1
                                                                                                                                                                                                                                                          Import Hash:948cc502fe9226992dce9417f952fce3
                                                                                                                                                                                                                                                          Instruction
                                                                                                                                                                                                                                                          call 00007F5F251C1703h
                                                                                                                                                                                                                                                          jmp 00007F5F251C100Fh
                                                                                                                                                                                                                                                          push ebp
                                                                                                                                                                                                                                                          mov ebp, esp
                                                                                                                                                                                                                                                          push esi
                                                                                                                                                                                                                                                          push dword ptr [ebp+08h]
                                                                                                                                                                                                                                                          mov esi, ecx
                                                                                                                                                                                                                                                          call 00007F5F251C11EDh
                                                                                                                                                                                                                                                          mov dword ptr [esi], 0049FDF0h
                                                                                                                                                                                                                                                          mov eax, esi
                                                                                                                                                                                                                                                          pop esi
                                                                                                                                                                                                                                                          pop ebp
                                                                                                                                                                                                                                                          retn 0004h
                                                                                                                                                                                                                                                          and dword ptr [ecx+04h], 00000000h
                                                                                                                                                                                                                                                          mov eax, ecx
                                                                                                                                                                                                                                                          and dword ptr [ecx+08h], 00000000h
                                                                                                                                                                                                                                                          mov dword ptr [ecx+04h], 0049FDF8h
                                                                                                                                                                                                                                                          mov dword ptr [ecx], 0049FDF0h
                                                                                                                                                                                                                                                          ret
                                                                                                                                                                                                                                                          push ebp
                                                                                                                                                                                                                                                          mov ebp, esp
                                                                                                                                                                                                                                                          push esi
                                                                                                                                                                                                                                                          push dword ptr [ebp+08h]
                                                                                                                                                                                                                                                          mov esi, ecx
                                                                                                                                                                                                                                                          call 00007F5F251C11BAh
                                                                                                                                                                                                                                                          mov dword ptr [esi], 0049FE0Ch
                                                                                                                                                                                                                                                          mov eax, esi
                                                                                                                                                                                                                                                          pop esi
                                                                                                                                                                                                                                                          pop ebp
                                                                                                                                                                                                                                                          retn 0004h
                                                                                                                                                                                                                                                          and dword ptr [ecx+04h], 00000000h
                                                                                                                                                                                                                                                          mov eax, ecx
                                                                                                                                                                                                                                                          and dword ptr [ecx+08h], 00000000h
                                                                                                                                                                                                                                                          mov dword ptr [ecx+04h], 0049FE14h
                                                                                                                                                                                                                                                          mov dword ptr [ecx], 0049FE0Ch
                                                                                                                                                                                                                                                          ret
                                                                                                                                                                                                                                                          push ebp
                                                                                                                                                                                                                                                          mov ebp, esp
                                                                                                                                                                                                                                                          push esi
                                                                                                                                                                                                                                                          mov esi, ecx
                                                                                                                                                                                                                                                          lea eax, dword ptr [esi+04h]
                                                                                                                                                                                                                                                          mov dword ptr [esi], 0049FDD0h
                                                                                                                                                                                                                                                          and dword ptr [eax], 00000000h
                                                                                                                                                                                                                                                          and dword ptr [eax+04h], 00000000h
                                                                                                                                                                                                                                                          push eax
                                                                                                                                                                                                                                                          mov eax, dword ptr [ebp+08h]
                                                                                                                                                                                                                                                          add eax, 04h
                                                                                                                                                                                                                                                          push eax
                                                                                                                                                                                                                                                          call 00007F5F251C3DADh
                                                                                                                                                                                                                                                          pop ecx
                                                                                                                                                                                                                                                          pop ecx
                                                                                                                                                                                                                                                          mov eax, esi
                                                                                                                                                                                                                                                          pop esi
                                                                                                                                                                                                                                                          pop ebp
                                                                                                                                                                                                                                                          retn 0004h
                                                                                                                                                                                                                                                          lea eax, dword ptr [ecx+04h]
                                                                                                                                                                                                                                                          mov dword ptr [ecx], 0049FDD0h
                                                                                                                                                                                                                                                          push eax
                                                                                                                                                                                                                                                          call 00007F5F251C3DF8h
                                                                                                                                                                                                                                                          pop ecx
                                                                                                                                                                                                                                                          ret
                                                                                                                                                                                                                                                          push ebp
                                                                                                                                                                                                                                                          mov ebp, esp
                                                                                                                                                                                                                                                          push esi
                                                                                                                                                                                                                                                          mov esi, ecx
                                                                                                                                                                                                                                                          lea eax, dword ptr [esi+04h]
                                                                                                                                                                                                                                                          mov dword ptr [esi], 0049FDD0h
                                                                                                                                                                                                                                                          push eax
                                                                                                                                                                                                                                                          call 00007F5F251C3DE1h
                                                                                                                                                                                                                                                          test byte ptr [ebp+08h], 00000001h
                                                                                                                                                                                                                                                          pop ecx
                                                                                                                                                                                                                                                          Programming Language:
                                                                                                                                                                                                                                                          • [ C ] VS2008 SP1 build 30729
                                                                                                                                                                                                                                                          • [IMP] VS2008 SP1 build 30729
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc8e64 | 0x17c | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xd4000 | 0xa68c | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xdf000 | 0x7594 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xb0ff0 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0xc3400 | 0x18 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xb1010 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x9c000 | 0x894 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x9ab1d | 0x9ac00 | 0a1473f3064dcbc32ef93c5c8a90f3a6 | False | 0.565500681542811 | data | 6.668273581389308 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x9c000 | 0x2fb82 | 0x2fc00 | c9cf2468b60bf4f80f136ed54b3989fb | False | 0.35289185209424084 | data | 5.691811547483722 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xcc000 | 0x706c | 0x4800 | 53b9025d545d65e23295e30afdbd16d9 | False | 0.04356553819444445 | DOS executable (block device driver @\273\) | 0.5846666986982398 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0xd4000 | 0xa68c | 0xa800 | 52b499e3aeb06c0d4e4a830a0b0d9983 | False | 0.36183965773809523 | data | 5.609621703062495 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xdf000 | 0x7594 | 0x7600 | c68ee8931a32d45eb82dc450ee40efc3 | False | 0.7628111758474576 | data | 6.7972128181359786 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xd45a8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216
RT_ICON | 0xd46d0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027
RT_ICON | 0xd47f8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135
RT_ICON | 0xd4920 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 0 | English | Great Britain | 0.3333333333333333
RT_ICON | 0xd4c08 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 0 | English | Great Britain | 0.5
RT_ICON | 0xd4d30 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | English | Great Britain | 0.2835820895522388
RT_ICON | 0xd5bd8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | English | Great Britain | 0.37906137184115524
RT_ICON | 0xd6480 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | English | Great Britain | 0.23699421965317918
RT_ICON | 0xd69e8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | Great Britain | 0.13858921161825727
RT_ICON | 0xd8f90 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | Great Britain | 0.25070356472795496
RT_ICON | 0xda038 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | Great Britain | 0.3173758865248227
RT_MENU | 0xda4a0 | 0x50 | data | English | Great Britain | 0.9
RT_STRING | 0xda4f0 | 0x594 | data | English | Great Britain | 0.3333333333333333
RT_STRING | 0xdaa84 | 0x68a | data | English | Great Britain | 0.2735961768219833
RT_STRING | 0xdb110 | 0x490 | data | English | Great Britain | 0.3715753424657534
RT_STRING | 0xdb5a0 | 0x5fc | data | English | Great Britain | 0.3087467362924282
RT_STRING | 0xdbb9c | 0x65c | data | English | Great Britain | 0.34336609336609336
RT_STRING | 0xdc1f8 | 0x466 | data | English | Great Britain | 0.3605683836589698
RT_STRING | 0xdc660 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | Great Britain | 0.502906976744186
RT_RCDATA | 0xdc7b8 | 0x1952 | data | | | 1.0016970070965752
RT_GROUP_ICON | 0xde10c | 0x76 | data | English | Great Britain | 0.6610169491525424
RT_GROUP_ICON | 0xde184 | 0x14 | data | English | Great Britain | 1.25
RT_GROUP_ICON | 0xde198 | 0x14 | data | English | Great Britain | 1.15
RT_GROUP_ICON | 0xde1ac | 0x14 | data | English | Great Britain | 1.25
RT_VERSION | 0xde1c0 | 0xdc | data | English | Great Britain | 0.6181818181818182
RT_MANIFEST | 0xde29c | 0x3ef | ASCII text, with CRLF line terminators | English | Great Britain | 0.5074478649453823
DLL | Import
WSOCK32.dll | gethostbyname, recv, send, socket, inet_ntoa, setsockopt, ntohs, WSACleanup, WSAStartup, sendto, htons, __WSAFDIsSet, select, accept, listen, bind, inet_addr, ioctlsocket, recvfrom, WSAGetLastError, closesocket, gethostname, connect
VERSION.dll | GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
WINMM.dll | timeGetTime, waveOutSetVolume, mciSendStringW
COMCTL32.dll | ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create
MPR.dll | WNetGetConnectionW, WNetCancelConnection2W, WNetUseConnectionW, WNetAddConnection2W
WININET.dll | HttpOpenRequestW, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, InternetConnectW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetQueryDataAvailable
PSAPI.DLL | GetProcessMemoryInfo
IPHLPAPI.DLL | IcmpSendEcho, IcmpCloseHandle, IcmpCreateFile
USERENV.dll | DestroyEnvironmentBlock, LoadUserProfileW, CreateEnvironmentBlock, UnloadUserProfile
UxTheme.dll | IsThemeActive
KERNEL32.dll | DuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetShortPathNameW, DeleteFileW, IsDebuggerPresent, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, LoadResource, LockResource, SizeofResource, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, LoadLibraryW, GetLocalTime, CompareStringW, GetCurrentThread, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, VirtualAlloc, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, ResetEvent, WaitForSingleObjectEx, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, CloseHandle, GetFullPathNameW, GetStartupInfoW, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwind, SetLastError, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, ResumeThread, FreeLibraryAndExitThread, GetACP, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetStringTypeW, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, ReadConsoleW, GetTimeZoneInformation, FindFirstFileExW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SetCurrentDirectoryW, FindNextFileW, WriteConsoleW
USER32.dll | GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, PeekMessageW, GetInputState, UnregisterHotKey, CharLowerBuffW, MonitorFromPoint, MonitorFromRect, LoadImageW, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, ClientToScreen, GetCursorPos, DeleteMenu, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, LockWindowUpdate, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, RegisterHotKey, GetCursorInfo, SetWindowPos, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, TrackPopupMenuEx, GetMessageW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, DispatchMessageW, keybd_event, TranslateMessage, ScreenToClient
GDI32.dll | EndPath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, GetDeviceCaps, SetPixel, CloseFigure, LineTo, AngleArc, MoveToEx, Ellipse, CreateCompatibleBitmap, CreateCompatibleDC, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, SelectObject, StretchBlt, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, GetDIBits, StrokePath
COMDLG32.dll | GetSaveFileNameW, GetOpenFileNameW
ADVAPI32.dll | GetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, RegCreateKeyExW, GetSecurityDescriptorDacl, GetAclInformation, GetUserNameW, AddAce, SetSecurityDescriptorDacl, InitiateSystemShutdownExW
SHELL32.dll | DragFinish, DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW
ole32.dll | CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket
OLEAUT32.dll | CreateStdDispatch, CreateDispTypeInfo, UnRegisterTypeLib, UnRegisterTypeLibForUser, RegisterTypeLibForUser, RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, VariantChangeType, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysStringLen, QueryPathOfRegTypeLib, SysAllocString, VariantInit, VariantClear, DispCallFunc, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, SafeArrayDestroyDescriptor, VariantCopy, OleLoadPicture
Language of compilation system | Country where language is spoken
English | Great Britain
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:48.131561995 CEST804972734.107.221.82192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:48.132832050 CEST4972780192.168.2.1234.107.221.82
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:48.133043051 CEST4972780192.168.2.1234.107.221.82
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:48.138341904 CEST804972734.107.221.82192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:48.321841955 CEST49728443192.168.2.1234.117.188.166
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:48.321902990 CEST4434972834.117.188.166192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:48.324440956 CEST49728443192.168.2.1234.117.188.166
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:48.326173067 CEST49728443192.168.2.1234.117.188.166
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:48.326190948 CEST4434972834.117.188.166192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:48.336880922 CEST49729443192.168.2.1234.117.188.166
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:48.336905003 CEST4434972934.117.188.166192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:48.337745905 CEST49729443192.168.2.1234.117.188.166
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:48.339279890 CEST49729443192.168.2.1234.117.188.166
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:48.339296103 CEST4434972934.117.188.166192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:48.375952005 CEST49730443192.168.2.1235.244.181.201
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:48.375966072 CEST4434973035.244.181.201192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:48.380489111 CEST49730443192.168.2.1235.244.181.201
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:48.380738020 CEST49730443192.168.2.1235.244.181.201
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:48.380748034 CEST4434973035.244.181.201192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:48.486349106 CEST49731443192.168.2.1234.160.144.191
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:48.486404896 CEST4434973134.160.144.191192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:48.486541986 CEST49731443192.168.2.1234.160.144.191
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:48.486807108 CEST49731443192.168.2.1234.160.144.191
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:48.486841917 CEST4434973134.160.144.191192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:48.504997969 CEST4434972435.190.72.216192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:48.505088091 CEST49724443192.168.2.1235.190.72.216
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:48.517298937 CEST49724443192.168.2.1235.190.72.216
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:48.517343998 CEST4434972435.190.72.216192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:48.517482996 CEST49724443192.168.2.1235.190.72.216
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:48.517509937 CEST4434972435.190.72.216192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:48.517566919 CEST49724443192.168.2.1235.190.72.216
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:48.517939091 CEST49732443192.168.2.1235.190.72.216
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:48.517963886 CEST4434973235.190.72.216192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:48.518078089 CEST49732443192.168.2.1235.190.72.216
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:48.519814014 CEST49732443192.168.2.1235.190.72.216
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:48.519826889 CEST4434973235.190.72.216192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:48.749068975 CEST804972734.107.221.82192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:48.757447958 CEST44349723142.250.185.78192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:48.757518053 CEST49723443192.168.2.12142.250.185.78
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:48.758477926 CEST44349723142.250.185.78192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:48.758532047 CEST49723443192.168.2.12142.250.185.78
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:48.762145042 CEST49723443192.168.2.12142.250.185.78
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:48.762145042 CEST49723443192.168.2.12142.250.185.78
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:48.762155056 CEST44349723142.250.185.78192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:48.762356997 CEST44349723142.250.185.78192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:48.762403965 CEST49723443192.168.2.12142.250.185.78
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:48.766761065 CEST44349726142.250.185.78192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:48.766838074 CEST49726443192.168.2.12142.250.185.78
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:48.767786980 CEST44349726142.250.185.78192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:48.767909050 CEST49726443192.168.2.12142.250.185.78
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:48.771261930 CEST49726443192.168.2.12142.250.185.78
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:48.771269083 CEST44349726142.250.185.78192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:48.771414995 CEST49726443192.168.2.12142.250.185.78
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:48.771478891 CEST44349726142.250.185.78192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:48.771764994 CEST49733443192.168.2.12142.250.185.78
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:48.771804094 CEST44349733142.250.185.78192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:48.771816969 CEST49726443192.168.2.12142.250.185.78
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:48.771939039 CEST49733443192.168.2.12142.250.185.78
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:48.773257017 CEST49733443192.168.2.12142.250.185.78
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:48.773292065 CEST44349733142.250.185.78192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:48.796129942 CEST4972780192.168.2.1234.107.221.82
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:48.928500891 CEST4434972834.117.188.166192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:48.928582907 CEST49728443192.168.2.1234.117.188.166
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:48.934667110 CEST49728443192.168.2.1234.117.188.166
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:48.934680939 CEST4434972834.117.188.166192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:48.934725046 CEST49728443192.168.2.1234.117.188.166
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:48.934911966 CEST4434972834.117.188.166192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:48.935038090 CEST49728443192.168.2.1234.117.188.166
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:48.935194969 CEST49734443192.168.2.1234.117.188.166
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:48.935233116 CEST4434973434.117.188.166192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:48.935421944 CEST49734443192.168.2.1234.117.188.166
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:48.936695099 CEST49734443192.168.2.1234.117.188.166
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:48.936721087 CEST4434973434.117.188.166192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:48.945517063 CEST4434972934.117.188.166192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:48.945595980 CEST49729443192.168.2.1234.117.188.166
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:48.951077938 CEST49729443192.168.2.1234.117.188.166
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:48.951085091 CEST4434972934.117.188.166192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:48.951203108 CEST49729443192.168.2.1234.117.188.166
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:48.951308012 CEST4434972934.117.188.166192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:48.951380968 CEST49729443192.168.2.1234.117.188.166
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:49.006814003 CEST4434973035.244.181.201192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:49.006891966 CEST49730443192.168.2.1235.244.181.201
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:49.010210037 CEST49730443192.168.2.1235.244.181.201
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:49.010214090 CEST4434973035.244.181.201192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:49.010611057 CEST4434973035.244.181.201192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:49.013283968 CEST49730443192.168.2.1235.244.181.201
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:50.826879978 CEST4973680192.168.2.1234.107.221.82
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:50.880356073 CEST4973880192.168.2.1234.107.221.82
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:51.122287989 CEST4434974234.107.243.93192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:51.122375965 CEST49742443192.168.2.1234.107.243.93
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:51.127902985 CEST49742443192.168.2.1234.107.243.93
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:51.127912045 CEST4434974234.107.243.93192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:51.127990961 CEST49742443192.168.2.1234.107.243.93
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:51.128053904 CEST4434974234.107.243.93192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:51.131880999 CEST49742443192.168.2.1234.107.243.93
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:51.292406082 CEST4434974334.120.208.123192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:51.292490005 CEST49743443192.168.2.1234.120.208.123
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:51.298125982 CEST49743443192.168.2.1234.120.208.123
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:51.298144102 CEST4434974334.120.208.123192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:51.298230886 CEST49743443192.168.2.1234.120.208.123
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:51.298352957 CEST4434974334.120.208.123192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:51.298481941 CEST49743443192.168.2.1234.120.208.123
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:53.713361979 CEST4973680192.168.2.1234.107.221.82
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:53.719146013 CEST804973634.107.221.82192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:53.754570961 CEST4973880192.168.2.1234.107.221.82
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:53.759865999 CEST804973834.107.221.82192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:53.800291061 CEST49745443192.168.2.1234.120.208.123
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:53.800329924 CEST4434974534.120.208.123192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:53.807969093 CEST49745443192.168.2.1234.120.208.123
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:53.809514999 CEST49745443192.168.2.1234.120.208.123
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:53.809529066 CEST4434974534.120.208.123192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:53.841788054 CEST804973634.107.221.82192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:53.882859945 CEST804973834.107.221.82192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:53.888794899 CEST4973680192.168.2.1234.107.221.82
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:53.935847998 CEST4973880192.168.2.1234.107.221.82
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:54.418165922 CEST4434974534.120.208.123192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:54.418180943 CEST4434974534.120.208.123192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:54.418248892 CEST49745443192.168.2.1234.120.208.123
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:54.423664093 CEST49745443192.168.2.1234.120.208.123
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:54.423671007 CEST4434974534.120.208.123192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:54.423767090 CEST49745443192.168.2.1234.120.208.123
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:54.423892021 CEST4434974534.120.208.123192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:54.423947096 CEST49745443192.168.2.1234.120.208.123
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:57.746774912 CEST49746443192.168.2.1235.244.181.201
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:57.746843100 CEST4434974635.244.181.201192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:57.747502089 CEST49746443192.168.2.1235.244.181.201
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:57.747688055 CEST49746443192.168.2.1235.244.181.201
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:57.747725010 CEST4434974635.244.181.201192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:57.748807907 CEST49747443192.168.2.1234.149.100.209
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:57.748841047 CEST4434974734.149.100.209192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:57.749367952 CEST49747443192.168.2.1234.149.100.209
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:57.750732899 CEST49747443192.168.2.1234.149.100.209
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:57.750751019 CEST4434974734.149.100.209192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:57.912381887 CEST4973680192.168.2.1234.107.221.82
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:57.918221951 CEST804973634.107.221.82192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:58.040388107 CEST804973634.107.221.82192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:58.086065054 CEST4973680192.168.2.1234.107.221.82
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:58.136080027 CEST4973880192.168.2.1234.107.221.82
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:58.137775898 CEST49748443192.168.2.1234.120.208.123
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:58.137833118 CEST4434974834.120.208.123192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:58.138633966 CEST49748443192.168.2.1234.120.208.123
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:58.140301943 CEST49748443192.168.2.1234.120.208.123
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:58.140326977 CEST4434974834.120.208.123192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:58.142499924 CEST804973834.107.221.82192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:58.265496016 CEST804973834.107.221.82192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:58.308681965 CEST4973880192.168.2.1234.107.221.82
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:58.370213985 CEST4434974635.244.181.201192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:58.370280027 CEST49746443192.168.2.1235.244.181.201
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:58.378825903 CEST4434974734.149.100.209192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:58.378892899 CEST49747443192.168.2.1234.149.100.209
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:58.765942097 CEST4434974834.120.208.123192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:58.766195059 CEST49748443192.168.2.1234.120.208.123
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:58.927104950 CEST49746443192.168.2.1235.244.181.201
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:58.927140951 CEST4434974635.244.181.201192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:58.927553892 CEST4434974635.244.181.201192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:58.933614016 CEST49746443192.168.2.1235.244.181.201
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:58.933676958 CEST49746443192.168.2.1235.244.181.201
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:58.933801889 CEST49747443192.168.2.1234.149.100.209
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:58.933815956 CEST4434974734.149.100.209192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:58.933831930 CEST4434974635.244.181.201192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:58.933887005 CEST49747443192.168.2.1234.149.100.209
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:58.934086084 CEST4434974734.149.100.209192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:58.934290886 CEST49746443192.168.2.1235.244.181.201
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:58.934299946 CEST49747443192.168.2.1234.149.100.209
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:58.934815884 CEST49749443192.168.2.1234.149.100.209
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:58.934847116 CEST4434974934.149.100.209192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:58.934990883 CEST49749443192.168.2.1234.149.100.209
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:58.936418056 CEST49749443192.168.2.1234.149.100.209
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:58.936427116 CEST4434974934.149.100.209192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:58.937787056 CEST49748443192.168.2.1234.120.208.123
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:58.937803030 CEST4434974834.120.208.123192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:58.937860966 CEST49748443192.168.2.1234.120.208.123
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.524638891 CEST4973680192.168.2.1234.107.221.82
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.831710100 CEST4434975434.120.208.123192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.839242935 CEST4434975534.120.208.123192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.839329958 CEST4434975434.120.208.123192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.840437889 CEST49754443192.168.2.1234.120.208.123
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.840672970 CEST49755443192.168.2.1234.120.208.123
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.844513893 CEST49754443192.168.2.1234.120.208.123
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.844521999 CEST4434975434.120.208.123192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.844849110 CEST4434975434.120.208.123192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.845581055 CEST4434975734.149.100.209192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.849128008 CEST49757443192.168.2.1234.149.100.209
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.851342916 CEST49755443192.168.2.1234.120.208.123
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.851363897 CEST4434975534.120.208.123192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.851603031 CEST4434975534.120.208.123192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.864351988 CEST4434975634.120.208.123192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.864532948 CEST49756443192.168.2.1234.120.208.123
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.874278069 CEST4434975834.120.208.123192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.874454975 CEST49758443192.168.2.1234.120.208.123
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.878290892 CEST49756443192.168.2.1234.120.208.123
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.878339052 CEST4434975634.120.208.123192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.878657103 CEST4434975634.120.208.123192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.880882978 CEST49757443192.168.2.1234.149.100.209
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.880892038 CEST4434975734.149.100.209192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.881151915 CEST4434975734.149.100.209192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.887057066 CEST49754443192.168.2.1234.120.208.123
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.887188911 CEST49755443192.168.2.1234.120.208.123
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.887393951 CEST4434975434.120.208.123192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.887414932 CEST49755443192.168.2.1234.120.208.123
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.887526989 CEST49754443192.168.2.1234.120.208.123
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.887533903 CEST4434975434.120.208.123192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.887710094 CEST4434975534.120.208.123192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.887732983 CEST49756443192.168.2.1234.120.208.123
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.887747049 CEST49757443192.168.2.1234.149.100.209
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.887842894 CEST49756443192.168.2.1234.120.208.123
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.887938976 CEST4434975734.149.100.209192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.887949944 CEST4434975634.120.208.123192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.888050079 CEST49755443192.168.2.1234.120.208.123
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.888066053 CEST49756443192.168.2.1234.120.208.123
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.888077974 CEST49757443192.168.2.1234.149.100.209
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:05.103331089 CEST4434975434.120.208.123192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:05.103526115 CEST49754443192.168.2.1234.120.208.123
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:05.212457895 CEST49757443192.168.2.1234.149.100.209
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:05.212481022 CEST4434975734.149.100.209192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:05.213049889 CEST49758443192.168.2.1234.120.208.123
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:05.213079929 CEST4434975834.120.208.123192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:05.213114977 CEST49758443192.168.2.1234.120.208.123
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:05.213311911 CEST4434975834.120.208.123192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:05.214850903 CEST49758443192.168.2.1234.120.208.123
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:05.688889980 CEST4973880192.168.2.1234.107.221.82
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:05.691652060 CEST49760443192.168.2.1234.120.208.123
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:05.691700935 CEST4434976034.120.208.123192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:05.692284107 CEST49760443192.168.2.1234.120.208.123
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:05.692420959 CEST49760443192.168.2.1234.120.208.123
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:05.692442894 CEST4434976034.120.208.123192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:05.694366932 CEST804973834.107.221.82192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:05.695383072 CEST49761443192.168.2.1234.120.208.123
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:05.695425987 CEST4434976134.120.208.123192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:05.695674896 CEST49761443192.168.2.1234.120.208.123
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:05.697043896 CEST49761443192.168.2.1234.120.208.123
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:05.697060108 CEST4434976134.120.208.123192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:05.817295074 CEST804973834.107.221.82192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:05.820689917 CEST4973680192.168.2.1234.107.221.82
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:05.826203108 CEST804973634.107.221.82192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:05.861459970 CEST4973880192.168.2.1234.107.221.82
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:05.949106932 CEST804973634.107.221.82192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:05.991271019 CEST4973680192.168.2.1234.107.221.82
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:06.299616098 CEST4434976034.120.208.123192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:06.299690008 CEST49760443192.168.2.1234.120.208.123
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:06.303020000 CEST49760443192.168.2.1234.120.208.123
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:06.303029060 CEST4434976034.120.208.123192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:06.303276062 CEST4434976034.120.208.123192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:06.305417061 CEST49760443192.168.2.1234.120.208.123
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:06.305522919 CEST49760443192.168.2.1234.120.208.123
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:06.305573940 CEST4434976034.120.208.123192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:06.306174994 CEST49760443192.168.2.1234.120.208.123
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:06.308223009 CEST4973880192.168.2.1234.107.221.82
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:06.310874939 CEST4434976134.120.208.123192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:06.310950994 CEST49761443192.168.2.1234.120.208.123
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:06.313657045 CEST804973834.107.221.82192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:06.315804005 CEST49761443192.168.2.1234.120.208.123
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:06.315829039 CEST4434976134.120.208.123192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:06.315910101 CEST49761443192.168.2.1234.120.208.123
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:06.315965891 CEST4434976134.120.208.123192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:06.317589045 CEST49761443192.168.2.1234.120.208.123
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:06.319890976 CEST49762443192.168.2.1234.120.208.123
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:06.319933891 CEST4434976234.120.208.123192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:16.278192997 CEST49766443192.168.2.1252.222.236.120
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:16.278218985 CEST4434976652.222.236.120192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:16.278471947 CEST4434976652.222.236.120192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:16.281855106 CEST49766443192.168.2.1252.222.236.120
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:16.281960964 CEST49766443192.168.2.1252.222.236.120
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:16.282027006 CEST4434976652.222.236.120192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:16.282133102 CEST49766443192.168.2.1252.222.236.120
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:16.291126966 CEST49770443192.168.2.1235.244.181.201
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:16.291173935 CEST4434977035.244.181.201192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:16.291382074 CEST49770443192.168.2.1235.244.181.201
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:16.291520119 CEST49770443192.168.2.1235.244.181.201
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:16.291529894 CEST4434977035.244.181.201192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:16.293287992 CEST49771443192.168.2.1235.244.181.201
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:16.293335915 CEST4434977135.244.181.201192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:16.293621063 CEST49771443192.168.2.1235.244.181.201
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:16.293803930 CEST49771443192.168.2.1235.244.181.201
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:16.293819904 CEST4434977135.244.181.201192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:16.295603037 CEST49772443192.168.2.1235.244.181.201
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:16.295634031 CEST4434977235.244.181.201192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:16.295957088 CEST49772443192.168.2.1235.244.181.201
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:16.296046972 CEST49772443192.168.2.1235.244.181.201
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:16.296057940 CEST4434977235.244.181.201192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:16.297507048 CEST4973880192.168.2.1234.107.221.82
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:16.302829981 CEST804973834.107.221.82192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:16.309900999 CEST804973634.107.221.82192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:16.358616114 CEST4973680192.168.2.1234.107.221.82
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:16.425754070 CEST804973834.107.221.82192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:16.433379889 CEST4973680192.168.2.1234.107.221.82
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:16.438791037 CEST804973634.107.221.82192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:16.475197077 CEST4973880192.168.2.1234.107.221.82
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:16.561383009 CEST804973634.107.221.82192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:16.606867075 CEST4973680192.168.2.1234.107.221.82
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:16.680135012 CEST4434976934.149.100.209192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:16.680205107 CEST49769443192.168.2.1234.149.100.209
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:16.683363914 CEST49769443192.168.2.1234.149.100.209
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:16.683388948 CEST4434976934.149.100.209192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:16.683609962 CEST4434976934.149.100.209192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:16.685940027 CEST49769443192.168.2.1234.149.100.209
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:16.686028957 CEST49769443192.168.2.1234.149.100.209
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:16.686152935 CEST4434976934.149.100.209192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:16.686283112 CEST49769443192.168.2.1234.149.100.209
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:16.688648939 CEST4973880192.168.2.1234.107.221.82
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:16.694011927 CEST804973834.107.221.82192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:16.817003012 CEST804973834.107.221.82192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:16.820256948 CEST4973680192.168.2.1234.107.221.82
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:16.825855017 CEST804973634.107.221.82192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:16.861103058 CEST4973880192.168.2.1234.107.221.82
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:16.899909973 CEST4434977035.244.181.201192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:16.900077105 CEST49770443192.168.2.1235.244.181.201
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:16.902939081 CEST49770443192.168.2.1235.244.181.201
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:16.902951956 CEST4434977035.244.181.201192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:16.903208971 CEST4434977035.244.181.201192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:16.905497074 CEST49770443192.168.2.1235.244.181.201
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:16.905595064 CEST49770443192.168.2.1235.244.181.201
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:16.905706882 CEST4434977035.244.181.201192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:16.905716896 CEST4434977235.244.181.201192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:16.905769110 CEST49770443192.168.2.1235.244.181.201
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:16.905946016 CEST49772443192.168.2.1235.244.181.201
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:16.908550978 CEST49772443192.168.2.1235.244.181.201
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:16.908575058 CEST4434977235.244.181.201192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:16.908919096 CEST4434977235.244.181.201192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:16.911098957 CEST49772443192.168.2.1235.244.181.201
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:16.911098957 CEST49772443192.168.2.1235.244.181.201
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:16.911289930 CEST49772443192.168.2.1235.244.181.201
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:16.913630009 CEST4973880192.168.2.1234.107.221.82
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:16.918989897 CEST804973834.107.221.82192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:16.920521021 CEST4434977135.244.181.201192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:16.920614004 CEST49771443192.168.2.1235.244.181.201
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:16.923387051 CEST49771443192.168.2.1235.244.181.201
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:16.923397064 CEST4434977135.244.181.201192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:16.923674107 CEST4434977135.244.181.201192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:16.926331043 CEST49771443192.168.2.1235.244.181.201
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:16.926429033 CEST49771443192.168.2.1235.244.181.201
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:16.926491022 CEST4434977135.244.181.201192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:16.929580927 CEST49771443192.168.2.1235.244.181.201
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:16.948463917 CEST804973634.107.221.82192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:16.992568970 CEST4973680192.168.2.1234.107.221.82
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:17.041842937 CEST804973834.107.221.82192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:17.045346975 CEST4973680192.168.2.1234.107.221.82
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:17.050816059 CEST804973634.107.221.82192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:17.092873096 CEST4973880192.168.2.1234.107.221.82
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:17.174649000 CEST804973634.107.221.82192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:17.224390984 CEST4973680192.168.2.1234.107.221.82
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:17.576073885 CEST63148443192.168.2.12142.250.115.139
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:17.576114893 CEST44363148142.250.115.139192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:17.576209068 CEST63148443192.168.2.12142.250.115.139
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:46.031399012 CEST4436315534.120.208.123192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:46.034142017 CEST63153443192.168.2.1234.120.208.123
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:46.034162998 CEST4436315334.120.208.123192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:46.034405947 CEST4436315334.120.208.123192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:46.037743092 CEST63154443192.168.2.1234.120.208.123
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:46.037777901 CEST4436315434.120.208.123192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:46.038002968 CEST4436315434.120.208.123192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:46.039246082 CEST63158443192.168.2.1234.120.208.123
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:46.039283991 CEST4436315834.120.208.123192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:46.040492058 CEST4973880192.168.2.1234.107.221.82
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:46.041342020 CEST63156443192.168.2.1234.120.208.123
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:46.041587114 CEST4436315634.120.208.123192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:46.041630983 CEST63156443192.168.2.1234.120.208.123
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:46.041640043 CEST4436315634.120.208.123192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:46.042562008 CEST63159443192.168.2.1234.120.208.123
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:46.042591095 CEST4436315934.120.208.123192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:46.043965101 CEST63157443192.168.2.1234.120.208.123
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:46.044163942 CEST63157443192.168.2.1234.120.208.123
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:46.044173956 CEST4436315734.120.208.123192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:46.044255018 CEST63152443192.168.2.1234.120.208.123
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:46.044367075 CEST63152443192.168.2.1234.120.208.123
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:46.044522047 CEST63157443192.168.2.1234.120.208.123
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:46.044548035 CEST4436315234.120.208.123192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:46.045948982 CEST804973834.107.221.82192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:46.047009945 CEST63153443192.168.2.1234.120.208.123
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:46.047106028 CEST63153443192.168.2.1234.120.208.123
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:46.047172070 CEST4436315334.120.208.123192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:46.048497915 CEST63154443192.168.2.1234.120.208.123
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:46.048599005 CEST63154443192.168.2.1234.120.208.123
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:46.048631907 CEST4436315434.120.208.123192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:46.049366951 CEST63157443192.168.2.1234.120.208.123
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:46.049381018 CEST63152443192.168.2.1234.120.208.123
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:46.049413919 CEST63153443192.168.2.1234.120.208.123
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:46.049423933 CEST63159443192.168.2.1234.120.208.123
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:46.049427032 CEST63158443192.168.2.1234.120.208.123
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:46.049704075 CEST63158443192.168.2.1234.120.208.123
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:46.049712896 CEST4436315834.120.208.123192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:46.049864054 CEST63159443192.168.2.1234.120.208.123
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:46.049871922 CEST4436315934.120.208.123192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:46.050092936 CEST63154443192.168.2.1234.120.208.123
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:46.169022083 CEST804973834.107.221.82192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:46.173949003 CEST4973680192.168.2.1234.107.221.82
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:46.179589987 CEST804973634.107.221.82192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:46.229443073 CEST4973880192.168.2.1234.107.221.82
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:46.235356092 CEST4436315534.120.208.123192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:46.235462904 CEST63155443192.168.2.1234.120.208.123
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:46.247339964 CEST4436315634.120.208.123192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:46.248728991 CEST63156443192.168.2.1234.120.208.123
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:46.302491903 CEST804973634.107.221.82192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:46.345453978 CEST4973680192.168.2.1234.107.221.82
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:46.660456896 CEST4436315834.120.208.123192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:46.660475016 CEST4436315834.120.208.123192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:46.660542011 CEST63158443192.168.2.1234.120.208.123
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:46.665226936 CEST63158443192.168.2.1234.120.208.123
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:46.665239096 CEST4436315834.120.208.123192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:46.665467024 CEST4436315834.120.208.123192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:46.669234991 CEST63158443192.168.2.1234.120.208.123
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:46.669390917 CEST4436315834.120.208.123192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:46.669473886 CEST63158443192.168.2.1234.120.208.123
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:46.669487953 CEST4436315834.120.208.123192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:46.672537088 CEST4973880192.168.2.1234.107.221.82
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:46.673491955 CEST4436315934.120.208.123192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:46.673511028 CEST4436315934.120.208.123192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:46.673588991 CEST63159443192.168.2.1234.120.208.123
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:46.677736044 CEST63159443192.168.2.1234.120.208.123
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:46.677753925 CEST4436315934.120.208.123192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:46.677897930 CEST804973834.107.221.82192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:46.678188086 CEST4436315934.120.208.123192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:46.681633949 CEST63159443192.168.2.1234.120.208.123
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:46.681783915 CEST63159443192.168.2.1234.120.208.123
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:46.681843996 CEST4436315934.120.208.123192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:46.682003975 CEST63159443192.168.2.1234.120.208.123
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:46.800611973 CEST804973834.107.221.82192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:46.803963900 CEST4973680192.168.2.1234.107.221.82
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:46.809247971 CEST804973634.107.221.82192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:46.846874952 CEST4973880192.168.2.1234.107.221.82
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:46.883342028 CEST4436315834.120.208.123192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:46.883429050 CEST63158443192.168.2.1234.120.208.123
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:46.932912111 CEST804973634.107.221.82192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:46.978420019 CEST4973680192.168.2.1234.107.221.82
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:56.807188988 CEST4973880192.168.2.1234.107.221.82
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:56.812727928 CEST804973834.107.221.82192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:56.938811064 CEST4973680192.168.2.1234.107.221.82
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:56.944220066 CEST804973634.107.221.82192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:12:06.821587086 CEST4973880192.168.2.1234.107.221.82
                                                                                                                                                                                                                                                          Oct 21, 2024 13:12:06.826968908 CEST804973834.107.221.82192.168.2.12
Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.304486990 CEST53616281.1.1.1192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.305001020 CEST5057853192.168.2.121.1.1.1
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.313083887 CEST53505781.1.1.1192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.313838005 CEST6197553192.168.2.121.1.1.1
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.319607019 CEST5817653192.168.2.121.1.1.1
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.319809914 CEST6467853192.168.2.121.1.1.1
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.321249008 CEST53619751.1.1.1192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.321912050 CEST6124153192.168.2.121.1.1.1
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.327302933 CEST53581761.1.1.1192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.327419043 CEST53646781.1.1.1192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.328104019 CEST5111453192.168.2.121.1.1.1
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.328207970 CEST5599953192.168.2.121.1.1.1
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.330008030 CEST53612411.1.1.1192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.330583096 CEST5238353192.168.2.121.1.1.1
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.335633039 CEST53559991.1.1.1192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.336190939 CEST5997653192.168.2.121.1.1.1
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.336586952 CEST53511141.1.1.1192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.337038994 CEST6233853192.168.2.121.1.1.1
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.338392019 CEST53523831.1.1.1192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.344569921 CEST53623381.1.1.1192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.344933987 CEST53599761.1.1.1192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.345405102 CEST4970153192.168.2.121.1.1.1
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.352906942 CEST53497011.1.1.1192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.353365898 CEST5721253192.168.2.121.1.1.1
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.360455036 CEST53572121.1.1.1192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:12.414597034 CEST6301853192.168.2.121.1.1.1
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:12.422167063 CEST53630181.1.1.1192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:15.405848026 CEST4956253192.168.2.121.1.1.1
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:15.416372061 CEST5624153192.168.2.121.1.1.1
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:15.417238951 CEST53495621.1.1.1192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:15.420164108 CEST5995053192.168.2.121.1.1.1
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:15.423882008 CEST53562411.1.1.1192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:15.424726009 CEST5452653192.168.2.121.1.1.1
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:15.428349972 CEST53599501.1.1.1192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:15.428998947 CEST5600453192.168.2.121.1.1.1
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:15.432975054 CEST53545261.1.1.1192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:15.434348106 CEST6196753192.168.2.121.1.1.1
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:15.436835051 CEST53560041.1.1.1192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:15.442975044 CEST53619671.1.1.1192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:15.454619884 CEST5026253192.168.2.121.1.1.1
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:15.463242054 CEST53502621.1.1.1192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:16.969145060 CEST53626531.1.1.1192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:33.443860054 CEST6129253192.168.2.121.1.1.1
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:33.451798916 CEST53612921.1.1.1192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:33.453104973 CEST6158753192.168.2.121.1.1.1
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:33.460526943 CEST53615871.1.1.1192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:45.415244102 CEST5647353192.168.2.121.1.1.1
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:45.423511028 CEST53564731.1.1.1192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:46.040348053 CEST6287253192.168.2.121.1.1.1
                                                                                                                                                                                                                                                          Oct 21, 2024 13:12:14.393821001 CEST5909853192.168.2.121.1.1.1
                                                                                                                                                                                                                                                          Oct 21, 2024 13:12:14.401106119 CEST53590981.1.1.1192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:12:14.402206898 CEST5885153192.168.2.121.1.1.1
                                                                                                                                                                                                                                                          Oct 21, 2024 13:12:14.409614086 CEST53588511.1.1.1192.168.2.12
                                                                                                                                                                                                                                                          Oct 21, 2024 13:12:15.020890951 CEST5314253192.168.2.121.1.1.1
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.287805080 CEST192.168.2.121.1.1.10xd3d2Standard query (0)www.youtube.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.288044930 CEST192.168.2.121.1.1.10xcfb7Standard query (0)www.facebook.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.296778917 CEST192.168.2.121.1.1.10x3b62Standard query (0)star-mini.c10r.facebook.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.305001020 CEST192.168.2.121.1.1.10xf5aeStandard query (0)star-mini.c10r.facebook.com28IN (0x0001)false
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.313838005 CEST192.168.2.121.1.1.10x6f63Standard query (0)www.reddit.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.319607019 CEST192.168.2.121.1.1.10x65e7Standard query (0)www.wikipedia.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.319809914 CEST192.168.2.121.1.1.10x4549Standard query (0)youtube-ui.l.google.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.321912050 CEST192.168.2.121.1.1.10x974fStandard query (0)reddit.map.fastly.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.328104019 CEST192.168.2.121.1.1.10xb36bStandard query (0)dyna.wikimedia.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.328207970 CEST192.168.2.121.1.1.10x95caStandard query (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.330583096 CEST192.168.2.121.1.1.10x9fb9Standard query (0)reddit.map.fastly.net28IN (0x0001)false
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.336190939 CEST192.168.2.121.1.1.10x36abStandard query (0)twitter.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.337038994 CEST192.168.2.121.1.1.10xecc2Standard query (0)dyna.wikimedia.org28IN (0x0001)false
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.345405102 CEST192.168.2.121.1.1.10x147dStandard query (0)twitter.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.353365898 CEST192.168.2.121.1.1.10x3c35Standard query (0)twitter.com28IN (0x0001)false
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:12.414597034 CEST192.168.2.121.1.1.10x31e7Standard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:15.405848026 CEST192.168.2.121.1.1.10xd20aStandard query (0)services.addons.mozilla.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:15.416372061 CEST192.168.2.121.1.1.10x4db6Standard query (0)prod.balrog.prod.cloudops.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:15.420164108 CEST192.168.2.121.1.1.10x9defStandard query (0)services.addons.mozilla.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:15.424726009 CEST192.168.2.121.1.1.10x7d8Standard query (0)normandy.cdn.mozilla.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:15.428998947 CEST192.168.2.121.1.1.10xdcStandard query (0)services.addons.mozilla.org28IN (0x0001)false
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:15.434348106 CEST192.168.2.121.1.1.10xcd4fStandard query (0)normandy-cdn.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:15.454619884 CEST192.168.2.121.1.1.10xd39Standard query (0)normandy-cdn.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:33.443860054 CEST192.168.2.121.1.1.10x3c2fStandard query (0)push.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:33.453104973 CEST192.168.2.121.1.1.10x1141Standard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:45.415244102 CEST192.168.2.121.1.1.10x973eStandard query (0)telemetry-incoming.r53-2.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:46.040348053 CEST192.168.2.121.1.1.10x1bfdStandard query (0)detectportal.firefox.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Oct 21, 2024 13:12:14.393821001 CEST192.168.2.121.1.1.10x57cfStandard query (0)push.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Oct 21, 2024 13:12:14.402206898 CEST192.168.2.121.1.1.10xff48Standard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                          Oct 21, 2024 13:12:15.020890951 CEST192.168.2.121.1.1.10x5439Standard query (0)detectportal.firefox.comA (IP address)IN (0x0001)false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.296555042 CEST1.1.1.1192.168.2.120xd3d2No error (0)youtube-ui.l.google.com142.250.186.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.296555042 CEST1.1.1.1192.168.2.120xd3d2No error (0)youtube-ui.l.google.com142.250.185.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.296555042 CEST1.1.1.1192.168.2.120xd3d2No error (0)youtube-ui.l.google.com142.250.185.206A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.296555042 CEST1.1.1.1192.168.2.120xd3d2No error (0)youtube-ui.l.google.com216.58.206.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.296555042 CEST1.1.1.1192.168.2.120xd3d2No error (0)youtube-ui.l.google.com142.250.74.206A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.296555042 CEST1.1.1.1192.168.2.120xd3d2No error (0)youtube-ui.l.google.com172.217.18.14A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.296555042 CEST1.1.1.1192.168.2.120xd3d2No error (0)youtube-ui.l.google.com142.250.181.238A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.296555042 CEST1.1.1.1192.168.2.120xd3d2No error (0)youtube-ui.l.google.com142.250.185.238A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.296555042 CEST1.1.1.1192.168.2.120xd3d2No error (0)youtube-ui.l.google.com142.250.186.110A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.296555042 CEST1.1.1.1192.168.2.120xd3d2No error (0)youtube-ui.l.google.com142.250.186.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.296555042 CEST1.1.1.1192.168.2.120xd3d2No error (0)youtube-ui.l.google.com172.217.16.206A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.296555042 CEST1.1.1.1192.168.2.120xd3d2No error (0)youtube-ui.l.google.com172.217.16.142A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.304486990 CEST1.1.1.1192.168.2.120x3b62No error (0)star-mini.c10r.facebook.com157.240.0.35A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.313083887 CEST1.1.1.1192.168.2.120xf5aeNo error (0)star-mini.c10r.facebook.com28IN (0x0001)false
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.321249008 CEST1.1.1.1192.168.2.120x6f63No error (0)www.reddit.comreddit.map.fastly.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.321249008 CEST1.1.1.1192.168.2.120x6f63No error (0)reddit.map.fastly.net151.101.129.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.321249008 CEST1.1.1.1192.168.2.120x6f63No error (0)reddit.map.fastly.net151.101.65.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.321249008 CEST1.1.1.1192.168.2.120x6f63No error (0)reddit.map.fastly.net151.101.193.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.321249008 CEST1.1.1.1192.168.2.120x6f63No error (0)reddit.map.fastly.net151.101.1.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.327302933 CEST1.1.1.1192.168.2.120x65e7No error (0)www.wikipedia.orgdyna.wikimedia.orgCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.327302933 CEST1.1.1.1192.168.2.120x65e7No error (0)dyna.wikimedia.org185.15.59.224A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.327419043 CEST1.1.1.1192.168.2.120x4549No error (0)youtube-ui.l.google.com172.217.18.14A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.327419043 CEST1.1.1.1192.168.2.120x4549No error (0)youtube-ui.l.google.com142.250.185.238A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.327419043 CEST1.1.1.1192.168.2.120x4549No error (0)youtube-ui.l.google.com172.217.16.206A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.327419043 CEST1.1.1.1192.168.2.120x4549No error (0)youtube-ui.l.google.com142.250.185.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.327419043 CEST1.1.1.1192.168.2.120x4549No error (0)youtube-ui.l.google.com142.250.185.142A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.327419043 CEST1.1.1.1192.168.2.120x4549No error (0)youtube-ui.l.google.com142.250.185.206A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.327419043 CEST1.1.1.1192.168.2.120x4549No error (0)youtube-ui.l.google.com142.250.186.174A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.327419043 CEST1.1.1.1192.168.2.120x4549No error (0)youtube-ui.l.google.com142.250.184.206A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.327419043 CEST1.1.1.1192.168.2.120x4549No error (0)youtube-ui.l.google.com172.217.23.110A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.327419043 CEST1.1.1.1192.168.2.120x4549No error (0)youtube-ui.l.google.com142.250.186.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.327419043 CEST1.1.1.1192.168.2.120x4549No error (0)youtube-ui.l.google.com142.250.186.142A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.327419043 CEST1.1.1.1192.168.2.120x4549No error (0)youtube-ui.l.google.com216.58.206.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.327419043 CEST1.1.1.1192.168.2.120x4549No error (0)youtube-ui.l.google.com142.250.186.110A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.327419043 CEST1.1.1.1192.168.2.120x4549No error (0)youtube-ui.l.google.com142.250.185.110A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.327419043 CEST1.1.1.1192.168.2.120x4549No error (0)youtube-ui.l.google.com172.217.16.142A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.327419043 CEST1.1.1.1192.168.2.120x4549No error (0)youtube-ui.l.google.com216.58.206.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.330008030 CEST1.1.1.1192.168.2.120x974fNo error (0)reddit.map.fastly.net151.101.193.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.330008030 CEST1.1.1.1192.168.2.120x974fNo error (0)reddit.map.fastly.net151.101.129.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.330008030 CEST1.1.1.1192.168.2.120x974fNo error (0)reddit.map.fastly.net151.101.65.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.330008030 CEST1.1.1.1192.168.2.120x974fNo error (0)reddit.map.fastly.net151.101.1.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.335633039 CEST1.1.1.1192.168.2.120x95caNo error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.335633039 CEST1.1.1.1192.168.2.120x95caNo error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.335633039 CEST1.1.1.1192.168.2.120x95caNo error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.335633039 CEST1.1.1.1192.168.2.120x95caNo error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.336586952 CEST1.1.1.1192.168.2.120xb36bNo error (0)dyna.wikimedia.org185.15.59.224A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.344569921 CEST1.1.1.1192.168.2.120xecc2No error (0)dyna.wikimedia.org28IN (0x0001)false
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.344933987 CEST1.1.1.1192.168.2.120x36abNo error (0)twitter.com104.244.42.193A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.352906942 CEST1.1.1.1192.168.2.120x147dNo error (0)twitter.com104.244.42.1A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:15.411680937 CEST1.1.1.1192.168.2.120x1a52No error (0)balrog-aus5.r53-2.services.mozilla.comprod.balrog.prod.cloudops.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:15.411680937 CEST1.1.1.1192.168.2.120x1a52No error (0)prod.balrog.prod.cloudops.mozgcp.net35.244.181.201A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:15.417238951 CEST1.1.1.1192.168.2.120xd20aNo error (0)services.addons.mozilla.org52.222.236.120A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:15.417238951 CEST1.1.1.1192.168.2.120xd20aNo error (0)services.addons.mozilla.org52.222.236.80A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:15.417238951 CEST1.1.1.1192.168.2.120xd20aNo error (0)services.addons.mozilla.org52.222.236.23A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:15.417238951 CEST1.1.1.1192.168.2.120xd20aNo error (0)services.addons.mozilla.org52.222.236.48A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:15.428349972 CEST1.1.1.1192.168.2.120x9defNo error (0)services.addons.mozilla.org52.222.236.48A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:15.428349972 CEST1.1.1.1192.168.2.120x9defNo error (0)services.addons.mozilla.org52.222.236.120A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:15.428349972 CEST1.1.1.1192.168.2.120x9defNo error (0)services.addons.mozilla.org52.222.236.80A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:15.428349972 CEST1.1.1.1192.168.2.120x9defNo error (0)services.addons.mozilla.org52.222.236.23A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:15.432975054 CEST1.1.1.1192.168.2.120x7d8No error (0)normandy.cdn.mozilla.netnormandy-cdn.services.mozilla.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:15.432975054 CEST1.1.1.1192.168.2.120x7d8No error (0)normandy-cdn.services.mozilla.com35.201.103.21A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:15.442975044 CEST1.1.1.1192.168.2.120xcd4fNo error (0)normandy-cdn.services.mozilla.com35.201.103.21A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:16.924882889 CEST1.1.1.1192.168.2.120xc87bNo error (0)a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.coma17.rackcdn.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:16.924882889 CEST1.1.1.1192.168.2.120xc87bNo error (0)a17.rackcdn.coma17.rackcdn.com.mdc.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:33.451798916 CEST1.1.1.1192.168.2.120x3c2fNo error (0)push.services.mozilla.com34.107.243.93A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:45.412537098 CEST1.1.1.1192.168.2.120xdcc4No error (0)telemetry-incoming.r53-2.services.mozilla.com34.120.208.123A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:46.047689915 CEST1.1.1.1192.168.2.120x1bfdNo error (0)detectportal.firefox.comdetectportal.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:46.047689915 CEST1.1.1.1192.168.2.120x1bfdNo error (0)prod.detectportal.prod.cloudops.mozgcp.net34.107.221.82A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Oct 21, 2024 13:12:14.401106119 CEST1.1.1.1192.168.2.120x57cfNo error (0)push.services.mozilla.com34.107.243.93A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Oct 21, 2024 13:12:15.028697014 CEST1.1.1.1192.168.2.120x5439No error (0)detectportal.firefox.comdetectportal.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                          Oct 21, 2024 13:12:15.028697014 CEST1.1.1.1192.168.2.120x5439No error (0)prod.detectportal.prod.cloudops.mozgcp.net34.107.221.82A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          • detectportal.firefox.com
                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          0192.168.2.124972734.107.221.8280280C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Oct 21, 2024 13:10:48.133043051 CEST303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                          Connection: keep-alive
Oct 21, 2024 13:10:48.749068975 CEST | 298 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                          Content-Length: 90
                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                          Date: Sun, 20 Oct 2024 14:45:40 GMT
                                                                                                                                                                                                                                                          Age: 73508
                                                                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                          Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.12 | 49736 | 34.107.221.82 | 80 | 280 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Oct 21, 2024 13:10:49.133344889 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                          Cache-Control: no-cache
Oct 21, 2024 13:10:49.746517897 CEST | 216 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                          Content-Length: 8
                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                          Date: Sun, 20 Oct 2024 12:54:23 GMT
                                                                                                                                                                                                                                                          Age: 80186
                                                                                                                                                                                                                                                          Content-Type: text/plain
                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                          Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                          Data Ascii: success
Oct 21, 2024 13:10:50.639569044 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                          Cache-Control: no-cache
Oct 21, 2024 13:10:50.768028021 CEST | 216 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                          Content-Length: 8
                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                          Date: Sun, 20 Oct 2024 12:54:23 GMT
                                                                                                                                                                                                                                                          Age: 80187
                                                                                                                                                                                                                                                          Content-Type: text/plain
                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                          Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                          Data Ascii: success
Oct 21, 2024 13:10:53.713361979 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                          Cache-Control: no-cache
Oct 21, 2024 13:10:53.841788054 CEST | 216 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                          Content-Length: 8
                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                          Date: Sun, 20 Oct 2024 12:54:23 GMT
                                                                                                                                                                                                                                                          Age: 80190
                                                                                                                                                                                                                                                          Content-Type: text/plain
                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                          Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                          Data Ascii: success
Oct 21, 2024 13:10:57.912381887 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                          Cache-Control: no-cache
Oct 21, 2024 13:10:58.040388107 CEST | 216 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                          Content-Length: 8
                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                          Date: Sun, 20 Oct 2024 12:54:23 GMT
                                                                                                                                                                                                                                                          Age: 80194
                                                                                                                                                                                                                                                          Content-Type: text/plain
                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                          Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                          Data Ascii: success
Oct 21, 2024 13:11:00.355941057 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                          Cache-Control: no-cache
Oct 21, 2024 13:11:00.484200001 CEST | 216 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                          Content-Length: 8
                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                          Date: Sun, 20 Oct 2024 12:54:23 GMT
                                                                                                                                                                                                                                                          Age: 80197
                                                                                                                                                                                                                                                          Content-Type: text/plain
                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                          Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                          Data Ascii: success
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:00.582410097 CEST305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:00.710376978 CEST216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                          Content-Length: 8
                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                          Date: Sun, 20 Oct 2024 12:54:23 GMT
                                                                                                                                                                                                                                                          Age: 80197
                                                                                                                                                                                                                                                          Content-Type: text/plain
                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                          Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                          Data Ascii: success
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.210576057 CEST305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.338233948 CEST216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                          Content-Length: 8
                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                          Date: Sun, 20 Oct 2024 12:54:23 GMT
                                                                                                                                                                                                                                                          Age: 80201
                                                                                                                                                                                                                                                          Content-Type: text/plain
                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                          Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                          Data Ascii: success
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.342046022 CEST305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.469840050 CEST216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                          Content-Length: 8
                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                          Date: Sun, 20 Oct 2024 12:54:23 GMT
                                                                                                                                                                                                                                                          Age: 80201
                                                                                                                                                                                                                                                          Content-Type: text/plain
                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                          Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                          Data Ascii: success
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:05.820689917 CEST305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:05.949106932 CEST216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                          Content-Length: 8
                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                          Date: Sun, 20 Oct 2024 12:54:23 GMT
                                                                                                                                                                                                                                                          Age: 80202
                                                                                                                                                                                                                                                          Content-Type: text/plain
                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                          Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                          Data Ascii: success
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:06.440396070 CEST305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:06.568908930 CEST216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                          Content-Length: 8
                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                          Date: Sun, 20 Oct 2024 12:54:23 GMT
                                                                                                                                                                                                                                                          Age: 80203
                                                                                                                                                                                                                                                          Content-Type: text/plain
                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                          Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                          Data Ascii: success
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:07.061788082 CEST305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:07.190875053 CEST216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                          Content-Length: 8
                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                          Date: Sun, 20 Oct 2024 12:54:23 GMT
                                                                                                                                                                                                                                                          Age: 80204
                                                                                                                                                                                                                                                          Content-Type: text/plain
                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                          Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                          Data Ascii: success
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:13.184122086 CEST305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:13.312550068 CEST216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                          Content-Length: 8
                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                          Date: Sun, 20 Oct 2024 12:54:23 GMT
                                                                                                                                                                                                                                                          Age: 80210
                                                                                                                                                                                                                                                          Content-Type: text/plain
                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                          Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                          Data Ascii: success
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:16.182010889 CEST305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:16.309900999 CEST216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                          Content-Length: 8
                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                          Date: Sun, 20 Oct 2024 12:54:23 GMT
                                                                                                                                                                                                                                                          Age: 80213
                                                                                                                                                                                                                                                          Content-Type: text/plain
                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                          Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                          Data Ascii: success
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:16.433379889 CEST305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:16.561383009 CEST216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                          Content-Length: 8
                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                          Date: Sun, 20 Oct 2024 12:54:23 GMT
                                                                                                                                                                                                                                                          Age: 80213
                                                                                                                                                                                                                                                          Content-Type: text/plain
                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                          Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                          Data Ascii: success
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:16.820256948 CEST305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:16.948463917 CEST216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                          Content-Length: 8
                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                          Date: Sun, 20 Oct 2024 12:54:23 GMT
                                                                                                                                                                                                                                                          Age: 80213
                                                                                                                                                                                                                                                          Content-Type: text/plain
                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                          Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                          Data Ascii: success
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:17.045346975 CEST305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:17.174649000 CEST216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                          Content-Length: 8
                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                          Date: Sun, 20 Oct 2024 12:54:23 GMT
                                                                                                                                                                                                                                                          Age: 80214
                                                                                                                                                                                                                                                          Content-Type: text/plain
                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                          Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                          Data Ascii: success
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:18.338476896 CEST305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Pragma: no-cache
Cache-Control: no-cache
Oct 21, 2024 13:11:18.467427015 CEST  216  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Sun, 20 Oct 2024 12:54:23 GMT
Age: 80215
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Oct 21, 2024 13:11:28.493010998 CEST  6  OUT  Data Raw: 00
Data Ascii:
Oct 21, 2024 13:11:31.631364107 CEST  305  OUT  GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Oct 21, 2024 13:11:31.759670019 CEST  216  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Sun, 20 Oct 2024 12:54:23 GMT
Age: 80228
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Oct 21, 2024 13:11:34.214066982 CEST  305  OUT  GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Oct 21, 2024 13:11:34.342050076 CEST  216  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Sun, 20 Oct 2024 12:54:23 GMT
Age: 80231
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Oct 21, 2024 13:11:44.355089903 CEST  6  OUT  Data Raw: 00
Data Ascii:
Oct 21, 2024 13:11:46.173949003 CEST  305  OUT  GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Oct 21, 2024 13:11:46.302491903 CEST  216  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Sun, 20 Oct 2024 12:54:23 GMT
Age: 80243
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Oct 21, 2024 13:11:46.803963900 CEST  305  OUT  GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Oct 21, 2024 13:11:46.932912111 CEST  216  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Sun, 20 Oct 2024 12:54:23 GMT
Age: 80243
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Oct 21, 2024 13:11:56.938811064 CEST  6  OUT  Data Raw: 00
Data Ascii:
Oct 21, 2024 13:12:06.953162909 CEST  6  OUT  Data Raw: 00
Data Ascii:
Oct 21, 2024 13:12:15.157247066 CEST  305  OUT  GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Oct 21, 2024 13:12:15.285425901 CEST  216  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Sun, 20 Oct 2024 12:54:23 GMT
Age: 80272
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Oct 21, 2024 13:12:25.291749001 CEST  6  OUT  Data Raw: 00
Data Ascii:
Oct 21, 2024 13:12:35.307092905 CEST  6  OUT  Data Raw: 00
Data Ascii:
Oct 21, 2024 13:12:45.335586071 CEST  6  OUT  Data Raw: 00
Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.12 | 49738 | 34.107.221.82 | 80 | 280 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Oct 21, 2024 13:10:49.174401045 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                          Connection: keep-alive
Oct 21, 2024 13:10:49.788518906 CEST | 298 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                          Content-Length: 90
                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                          Date: Sun, 20 Oct 2024 14:45:40 GMT
                                                                                                                                                                                                                                                          Age: 73509
                                                                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Oct 21, 2024 13:10:50.695940971 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                          Connection: keep-alive
Oct 21, 2024 13:10:50.824531078 CEST | 298 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                          Content-Length: 90
                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                          Date: Sun, 20 Oct 2024 14:45:40 GMT
                                                                                                                                                                                                                                                          Age: 73510
                                                                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Oct 21, 2024 13:10:53.754570961 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                          Connection: keep-alive
Oct 21, 2024 13:10:53.882859945 CEST | 298 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                          Content-Length: 90
                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                          Date: Sun, 20 Oct 2024 14:45:40 GMT
                                                                                                                                                                                                                                                          Age: 73513
                                                                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Oct 21, 2024 13:10:58.136080027 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                          Connection: keep-alive
Oct 21, 2024 13:10:58.265496016 CEST | 298 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                          Content-Length: 90
                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                          Date: Sun, 20 Oct 2024 14:45:40 GMT
                                                                                                                                                                                                                                                          Age: 73518
                                                                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Oct 21, 2024 13:11:00.415564060 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                          Connection: keep-alive
Oct 21, 2024 13:11:00.543867111 CEST | 298 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                          Content-Length: 90
                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                          Date: Sun, 20 Oct 2024 14:45:40 GMT
                                                                                                                                                                                                                                                          Age: 73520
                                                                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Oct 21, 2024 13:11:02.458853006 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                          Connection: keep-alive
Oct 21, 2024 13:11:02.586982965 CEST | 298 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                          Content-Length: 90
                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                          Date: Sun, 20 Oct 2024 14:45:40 GMT
                                                                                                                                                                                                                                                          Age: 73522
                                                                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                          Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.210724115 CEST303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:04.338979006 CEST298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                          Content-Length: 90
                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                          Date: Sun, 20 Oct 2024 14:45:40 GMT
                                                                                                                                                                                                                                                          Age: 73524
                                                                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                          Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:05.688889980 CEST303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:05.817295074 CEST298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                          Content-Length: 90
                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                          Date: Sun, 20 Oct 2024 14:45:40 GMT
                                                                                                                                                                                                                                                          Age: 73525
                                                                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                          Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:06.308223009 CEST303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:06.436575890 CEST298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                          Content-Length: 90
                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                          Date: Sun, 20 Oct 2024 14:45:40 GMT
                                                                                                                                                                                                                                                          Age: 73526
                                                                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                          Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:06.930320024 CEST303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:07.058480978 CEST298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                          Content-Length: 90
                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                          Date: Sun, 20 Oct 2024 14:45:40 GMT
                                                                                                                                                                                                                                                          Age: 73526
                                                                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                          Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:13.051004887 CEST303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:13.179950953 CEST298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                          Content-Length: 90
                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                          Date: Sun, 20 Oct 2024 14:45:40 GMT
                                                                                                                                                                                                                                                          Age: 73533
                                                                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                          Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                          Oct 21, 2024 13:11:16.050550938 CEST303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                          Connection: keep-alive
Oct 21, 2024 13:11:16.178878069 CEST 298 IN HTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                          Content-Length: 90
                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                          Date: Sun, 20 Oct 2024 14:45:40 GMT
                                                                                                                                                                                                                                                          Age: 73536
                                                                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Oct 21, 2024 13:11:16.297507048 CEST 303 OUT GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                          Connection: keep-alive
Oct 21, 2024 13:11:16.425754070 CEST 298 IN HTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                          Content-Length: 90
                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                          Date: Sun, 20 Oct 2024 14:45:40 GMT
                                                                                                                                                                                                                                                          Age: 73536
                                                                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Oct 21, 2024 13:11:16.688648939 CEST 303 OUT GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                          Connection: keep-alive
Oct 21, 2024 13:11:16.817003012 CEST 298 IN HTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                          Content-Length: 90
                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                          Date: Sun, 20 Oct 2024 14:45:40 GMT
                                                                                                                                                                                                                                                          Age: 73536
                                                                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Oct 21, 2024 13:11:16.913630009 CEST 303 OUT GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                          Connection: keep-alive
Oct 21, 2024 13:11:17.041842937 CEST 298 IN HTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                          Content-Length: 90
                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                          Date: Sun, 20 Oct 2024 14:45:40 GMT
                                                                                                                                                                                                                                                          Age: 73536
                                                                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Oct 21, 2024 13:11:18.207257986 CEST 303 OUT GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                          Connection: keep-alive
Oct 21, 2024 13:11:18.335370064 CEST 298 IN HTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                          Content-Length: 90
                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                          Date: Sun, 20 Oct 2024 14:45:40 GMT
                                                                                                                                                                                                                                                          Age: 73538
                                                                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Oct 21, 2024 13:11:28.340922117 CEST 6 OUT Data Raw: 00
                                                                                                                                                                                                                                                          Data Ascii:
Oct 21, 2024 13:11:31.500313997 CEST 303 OUT GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                          Connection: keep-alive
Oct 21, 2024 13:11:31.628336906 CEST 298 IN HTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                          Content-Length: 90
                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                          Date: Sun, 20 Oct 2024 14:45:40 GMT
                                                                                                                                                                                                                                                          Age: 73551
                                                                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                          Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Oct 21, 2024 13:11:34.078309059 CEST 303 OUT GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                          Connection: keep-alive
Oct 21, 2024 13:11:34.210416079 CEST 298 IN HTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                          Content-Length: 90
                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                          Date: Sun, 20 Oct 2024 14:45:40 GMT
                                                                                                                                                                                                                                                          Age: 73554
                                                                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                          Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Oct 21, 2024 13:11:44.223568916 CEST 6 OUT Data Raw: 00
                                                                                                                                                                                                                                                          Data Ascii:
Oct 21, 2024 13:11:46.040492058 CEST 303 OUT GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                          Connection: keep-alive
Oct 21, 2024 13:11:46.169022083 CEST 298 IN HTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                          Content-Length: 90
                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                          Date: Sun, 20 Oct 2024 14:45:40 GMT
                                                                                                                                                                                                                                                          Age: 73566
                                                                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                          Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Oct 21, 2024 13:11:46.672537088 CEST 303 OUT GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                          Connection: keep-alive
Oct 21, 2024 13:11:46.800611973 CEST 298 IN HTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                          Content-Length: 90
                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                          Date: Sun, 20 Oct 2024 14:45:40 GMT
                                                                                                                                                                                                                                                          Age: 73566
                                                                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                          Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Oct 21, 2024 13:11:56.807188988 CEST 6 OUT Data Raw: 00
                                                                                                                                                                                                                                                          Data Ascii:
Oct 21, 2024 13:12:06.821587086 CEST 6 OUT Data Raw: 00
                                                                                                                                                                                                                                                          Data Ascii:
Oct 21, 2024 13:12:15.020586967 CEST 303 OUT GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                          Connection: keep-alive
Oct 21, 2024 13:12:15.153295994 CEST 298 IN HTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                          Content-Length: 90
                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                          Date: Sun, 20 Oct 2024 14:45:40 GMT
                                                                                                                                                                                                                                                          Age: 73595
                                                                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                          Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Oct 21, 2024 13:12:25.160145998 CEST 6 OUT Data Raw: 00
                                                                                                                                                                                                                                                          Data Ascii:
Oct 21, 2024 13:12:35.175103903 CEST 6 OUT Data Raw: 00
                                                                                                                                                                                                                                                          Data Ascii:
Oct 21, 2024 13:12:45.182074070 CEST 6 OUT Data Raw: 00
                                                                                                                                                                                                                                                          Data Ascii:


                                                                                                                                                                                                                                                          Target ID:0
                                                                                                                                                                                                                                                          Start time:07:10:40
                                                                                                                                                                                                                                                          Start date:21/10/2024
Path:C:\Users\user\Desktop\file.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\Desktop\file.exe"
Imagebase:0x1f0000
File size:922'112 bytes
MD5 hash:BB04CFF8ABAB3F05BA86BC1A5952A3F6
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_CredentialFlusher, Description: Yara detected Credential Flusher, Source: 00000000.00000003.2841065890.000000000186F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:low
Has exited:true

Target ID:2
Start time:07:10:40
Start date:21/10/2024
Path:C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):true
Commandline:taskkill /F /IM firefox.exe /T
Imagebase:0xb70000
File size:74'240 bytes
MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:3
Start time:07:10:40
Start date:21/10/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff704000000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:4
Start time:07:10:42
Start date:21/10/2024
Path:C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):true
Commandline:taskkill /F /IM chrome.exe /T
Imagebase:0xb70000
File size:74'240 bytes
MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:5
Start time:07:10:42
Start date:21/10/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff704000000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:6
Start time:07:10:42
Start date:21/10/2024
Path:C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):true
Commandline:taskkill /F /IM msedge.exe /T
Imagebase:0xb70000
File size:74'240 bytes
MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:7
Start time:07:10:42
Start date:21/10/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff704000000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:8
Start time:07:10:42
Start date:21/10/2024
Path:C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):true
Commandline:taskkill /F /IM opera.exe /T
Imagebase:0xb70000
File size:74'240 bytes
MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:9
Start time:07:10:42
Start date:21/10/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff704000000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

                                                                                                                                                                                                                                                          Target ID:10
                                                                                                                                                                                                                                                          Start time:07:10:43
                                                                                                                                                                                                                                                          Start date:21/10/2024
                                                                                                                                                                                                                                                          Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                          Commandline:taskkill /F /IM brave.exe /T
                                                                                                                                                                                                                                                          Imagebase:0xb70000
                                                                                                                                                                                                                                                          File size:74'240 bytes
                                                                                                                                                                                                                                                          MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                          Target ID:11
                                                                                                                                                                                                                                                          Start time:07:10:43
                                                                                                                                                                                                                                                          Start date:21/10/2024
                                                                                                                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                          Imagebase:0x7ff704000000
                                                                                                                                                                                                                                                          File size:862'208 bytes
                                                                                                                                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                          Target ID:12
                                                                                                                                                                                                                                                          Start time:07:10:43
                                                                                                                                                                                                                                                          Start date:21/10/2024
                                                                                                                                                                                                                                                          Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                          Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
                                                                                                                                                                                                                                                          Imagebase:0x7ff6b1600000
                                                                                                                                                                                                                                                          File size:676'768 bytes
                                                                                                                                                                                                                                                          MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                          Target ID:13
                                                                                                                                                                                                                                                          Start time:07:10:43
                                                                                                                                                                                                                                                          Start date:21/10/2024
                                                                                                                                                                                                                                                          Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                          Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation
                                                                                                                                                                                                                                                          Imagebase:0x7ff6b1600000
                                                                                                                                                                                                                                                          File size:676'768 bytes
                                                                                                                                                                                                                                                          MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                          Target ID:14
                                                                                                                                                                                                                                                          Start time:07:10:43
                                                                                                                                                                                                                                                          Start date:21/10/2024
                                                                                                                                                                                                                                                          Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                          Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
                                                                                                                                                                                                                                                          Imagebase:0x7ff6b1600000
                                                                                                                                                                                                                                                          File size:676'768 bytes
                                                                                                                                                                                                                                                          MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                                                                                          Target ID:16
                                                                                                                                                                                                                                                          Start time:07:10:44
                                                                                                                                                                                                                                                          Start date:21/10/2024
                                                                                                                                                                                                                                                          Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                          Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2304 -parentBuildID 20230927232528 -prefsHandle 2240 -prefMapHandle 2232 -prefsLen 25302 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {48684b58-915c-4ad7-bbb8-94f929a0fef9} 280 "\\.\pipe\gecko-crash-server-pipe.280" 1495a26f510 socket
                                                                                                                                                                                                                                                          Imagebase:0x7ff6b1600000
                                                                                                                                                                                                                                                          File size:676'768 bytes
                                                                                                                                                                                                                                                          MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                                                                                          Target ID:18
                                                                                                                                                                                                                                                          Start time:07:10:45
                                                                                                                                                                                                                                                          Start date:21/10/2024
                                                                                                                                                                                                                                                          Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                          Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4184 -parentBuildID 20230927232528 -prefsHandle 4192 -prefMapHandle 4188 -prefsLen 26151 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6098ac67-e0e7-4c6a-ac33-3955c5abdea3} 280 "\\.\pipe\gecko-crash-server-pipe.280" 14967079410 rdd
                                                                                                                                                                                                                                                          Imagebase:0x7ff6b1600000
                                                                                                                                                                                                                                                          File size:676'768 bytes
                                                                                                                                                                                                                                                          MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                                                                                          Target ID:19
                                                                                                                                                                                                                                                          Start time:07:10:53
                                                                                                                                                                                                                                                          Start date:21/10/2024
                                                                                                                                                                                                                                                          Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                          Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4944 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 4936 -prefMapHandle 4932 -prefsLen 33128 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6959f03c-51e1-44f4-ba96-6fd74e49b085} 280 "\\.\pipe\gecko-crash-server-pipe.280" 1496c511310 utility
                                                                                                                                                                                                                                                          Imagebase:0x7ff6b1600000
                                                                                                                                                                                                                                                          File size:676'768 bytes
                                                                                                                                                                                                                                                          MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                          Has exited:false


                                                                                                                                                                                                                                                            Execution Graph

                                                                                                                                                                                                                                                            Execution Coverage:2.1%
                                                                                                                                                                                                                                                            Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                            Signature Coverage:6.8%
                                                                                                                                                                                                                                                            Total number of Nodes:1577
                                                                                                                                                                                                                                                            Total number of Limit Nodes:49
96072 1f2ec3 96170 1f6f88 22 API calls 96072->96170 96076 232ce5 96074->96076 96075 1f2ecf 96077 1f9cb3 22 API calls 96075->96077 96219 1f3084 22 API calls 96076->96219 96078 1f2edc 96077->96078 96171 1fa81b 41 API calls 96078->96171 96080 1f2eec 96083 1f9cb3 22 API calls 96080->96083 96082 232d02 96220 1f3084 22 API calls 96082->96220 96084 1f2f12 96083->96084 96172 1fa81b 41 API calls 96084->96172 96086 232d1e 96088 1f3a5a 24 API calls 96086->96088 96089 232d44 96088->96089 96221 1f3084 22 API calls 96089->96221 96090 1f2f21 96093 1fa961 22 API calls 96090->96093 96092 232d50 96222 1fa8c7 22 API calls __fread_nolock 96092->96222 96095 1f2f3f 96093->96095 96173 1f3084 22 API calls 96095->96173 96096 232d5e 96223 1f3084 22 API calls 96096->96223 96099 1f2f4b 96174 214a28 40 API calls 3 library calls 96099->96174 96100 232d6d 96224 1fa8c7 22 API calls __fread_nolock 96100->96224 96102 1f2f59 96102->96076 96103 1f2f63 96102->96103 96175 214a28 40 API calls 3 library calls 96103->96175 96106 1f2f6e 96106->96082 96108 1f2f78 96106->96108 96107 232d83 96225 1f3084 22 API calls 96107->96225 96176 214a28 40 API calls 3 library calls 96108->96176 96110 232d90 96112 1f2f83 96112->96086 96113 1f2f8d 96112->96113 96177 214a28 40 API calls 3 library calls 96113->96177 96115 1f2f98 96116 1f2fdc 96115->96116 96178 1f3084 22 API calls 96115->96178 96116->96100 96117 1f2fe8 96116->96117 96117->96110 96181 1f63eb 22 API calls 96117->96181 96120 1f2fbf 96179 1fa8c7 22 API calls __fread_nolock 96120->96179 96121 1f2ff8 96182 1f6a50 22 API calls 96121->96182 96123 1f2fcd 96180 1f3084 22 API calls 96123->96180 96126 1f3006 96183 1f70b0 23 API calls 96126->96183 96130 1f3021 96131 1f3065 96130->96131 96184 1f6f88 22 API calls 96130->96184 96185 1f70b0 23 API calls 96130->96185 96186 1f3084 22 API calls 96130->96186 96134 1f4af0 __wsopen_s 96133->96134 96135 1f6b57 22 API calls 96134->96135 96136 1f4b22 96134->96136 96135->96136 96145 1f4b58 96136->96145 96226 1f4c6d 96136->96226 96138 
1f9cb3 22 API calls 96140 1f4c52 96138->96140 96139 1f9cb3 22 API calls 96139->96145 96141 1f515f 22 API calls 96140->96141 96144 1f4c5e 96141->96144 96142 1f4c6d 22 API calls 96142->96145 96143 1f515f 22 API calls 96143->96145 96144->96058 96145->96139 96145->96142 96145->96143 96146 1f4c29 96145->96146 96146->96138 96146->96144 96229 1f4e90 LoadLibraryA 96147->96229 96152 1f4ef6 LoadLibraryExW 96237 1f4e59 LoadLibraryA 96152->96237 96153 233ccf 96154 1f4f39 68 API calls 96153->96154 96156 233cd6 96154->96156 96159 1f4e59 3 API calls 96156->96159 96161 233cde 96159->96161 96160 1f4f20 96160->96161 96162 1f4f2c 96160->96162 96259 1f50f5 40 API calls __fread_nolock 96161->96259 96163 1f4f39 68 API calls 96162->96163 96165 1f2ea5 96163->96165 96165->96065 96165->96066 96166 233cf5 96260 2628fe 27 API calls 96166->96260 96168 233d05 96169->96072 96170->96075 96171->96080 96172->96090 96173->96099 96174->96102 96175->96106 96176->96112 96177->96115 96178->96120 96179->96123 96180->96116 96181->96121 96182->96126 96183->96130 96184->96130 96185->96130 96186->96130 96188 262d15 96187->96188 96324 1f511f 64 API calls 96188->96324 96190 262d29 96325 262e66 75 API calls 96190->96325 96192 262d3b 96211 262d3f 96192->96211 96326 1f50f5 40 API calls __fread_nolock 96192->96326 96194 262d56 96327 1f50f5 40 API calls __fread_nolock 96194->96327 96196 262d66 96328 1f50f5 40 API calls __fread_nolock 96196->96328 96198 262d81 96329 1f50f5 40 API calls __fread_nolock 96198->96329 96200 262d9c 96330 1f511f 64 API calls 96200->96330 96202 262db3 96203 21ea0c ___std_exception_copy 21 API calls 96202->96203 96204 262dba 96203->96204 96205 21ea0c ___std_exception_copy 21 API calls 96204->96205 96206 262dc4 96205->96206 96331 1f50f5 40 API calls __fread_nolock 96206->96331 96208 262dd8 96332 2628fe 27 API calls 96208->96332 96210 262dee 96210->96211 96333 2622ce 96210->96333 96211->96068 96214 1f4f4a 96213->96214 96215 1f4f43 96213->96215 96217 1f4f6a FreeLibrary 96214->96217 96218 1f4f59 
96214->96218 96216 21e678 67 API calls 96215->96216 96216->96214 96217->96218 96218->96069 96219->96082 96220->96086 96221->96092 96222->96096 96223->96100 96224->96107 96225->96110 96227 1faec9 22 API calls 96226->96227 96228 1f4c78 96227->96228 96228->96136 96230 1f4ea8 GetProcAddress 96229->96230 96231 1f4ec6 96229->96231 96232 1f4eb8 96230->96232 96234 21e5eb 96231->96234 96232->96231 96233 1f4ebf FreeLibrary 96232->96233 96233->96231 96261 21e52a 96234->96261 96236 1f4eea 96236->96152 96236->96153 96238 1f4e6e GetProcAddress 96237->96238 96239 1f4e8d 96237->96239 96240 1f4e7e 96238->96240 96242 1f4f80 96239->96242 96240->96239 96241 1f4e86 FreeLibrary 96240->96241 96241->96239 96243 20fe0b 22 API calls 96242->96243 96244 1f4f95 96243->96244 96245 1f5722 22 API calls 96244->96245 96246 1f4fa1 __fread_nolock 96245->96246 96247 1f50a5 96246->96247 96248 233d1d 96246->96248 96258 1f4fdc 96246->96258 96313 1f42a2 CreateStreamOnHGlobal 96247->96313 96321 26304d 74 API calls 96248->96321 96251 233d22 96322 1f511f 64 API calls 96251->96322 96254 233d45 96323 1f50f5 40 API calls __fread_nolock 96254->96323 96257 1f506e messages 96257->96160 96258->96251 96258->96257 96319 1f50f5 40 API calls __fread_nolock 96258->96319 96320 1f511f 64 API calls 96258->96320 96259->96166 96260->96168 96264 21e536 BuildCatchObjectHelperInternal 96261->96264 96262 21e544 96286 21f2d9 20 API calls _free 96262->96286 96264->96262 96266 21e574 96264->96266 96265 21e549 96287 2227ec 26 API calls pre_c_initialization 96265->96287 96268 21e586 96266->96268 96269 21e579 96266->96269 96278 228061 96268->96278 96288 21f2d9 20 API calls _free 96269->96288 96272 21e58f 96273 21e5a2 96272->96273 96274 21e595 96272->96274 96290 21e5d4 LeaveCriticalSection __fread_nolock 96273->96290 96289 21f2d9 20 API calls _free 96274->96289 96276 21e554 __fread_nolock 96276->96236 96279 22806d BuildCatchObjectHelperInternal 96278->96279 96291 222f5e EnterCriticalSection 96279->96291 96281 22807b 96292 2280fb 
96281->96292 96285 2280ac __fread_nolock 96285->96272 96286->96265 96287->96276 96288->96276 96289->96276 96290->96276 96291->96281 96301 22811e 96292->96301 96293 228177 96294 224c7d _free 20 API calls 96293->96294 96295 228180 96294->96295 96297 2229c8 _free 20 API calls 96295->96297 96298 228189 96297->96298 96300 228088 96298->96300 96310 223405 11 API calls 2 library calls 96298->96310 96305 2280b7 96300->96305 96301->96293 96301->96300 96308 21918d EnterCriticalSection 96301->96308 96309 2191a1 LeaveCriticalSection 96301->96309 96302 2281a8 96311 21918d EnterCriticalSection 96302->96311 96312 222fa6 LeaveCriticalSection 96305->96312 96307 2280be 96307->96285 96308->96301 96309->96301 96310->96302 96311->96300 96312->96307 96314 1f42bc FindResourceExW 96313->96314 96318 1f42d9 96313->96318 96315 2335ba LoadResource 96314->96315 96314->96318 96316 2335cf SizeofResource 96315->96316 96315->96318 96317 2335e3 LockResource 96316->96317 96316->96318 96317->96318 96318->96258 96319->96258 96320->96258 96321->96251 96322->96254 96323->96257 96324->96190 96325->96192 96326->96194 96327->96196 96328->96198 96329->96200 96330->96202 96331->96208 96332->96210 96334 2622e7 96333->96334 96335 2622d9 96333->96335 96337 26232c 96334->96337 96338 21e5eb 29 API calls 96334->96338 96348 2622f0 96334->96348 96336 21e5eb 29 API calls 96335->96336 96336->96334 96362 262557 40 API calls __fread_nolock 96337->96362 96340 262311 96338->96340 96340->96337 96342 26231a 96340->96342 96341 262370 96343 262374 96341->96343 96344 262395 96341->96344 96342->96348 96370 21e678 96342->96370 96346 262381 96343->96346 96350 21e678 67 API calls 96343->96350 96363 262171 96344->96363 96346->96348 96353 21e678 67 API calls 96346->96353 96348->96211 96349 26239d 96351 2623c3 96349->96351 96352 2623a3 96349->96352 96350->96346 96383 2623f3 74 API calls 96351->96383 96355 21e678 67 API calls 96352->96355 96356 2623b0 96352->96356 96353->96348 96355->96356 96356->96348 96357 21e678 67 API calls 
96356->96357 96357->96348 96358 2623ca 96359 2623de 96358->96359 96360 21e678 67 API calls 96358->96360 96359->96348 96361 21e678 67 API calls 96359->96361 96360->96359 96361->96348 96362->96341 96364 21ea0c ___std_exception_copy 21 API calls 96363->96364 96365 26217f 96364->96365 96366 21ea0c ___std_exception_copy 21 API calls 96365->96366 96367 262190 96366->96367 96368 21ea0c ___std_exception_copy 21 API calls 96367->96368 96369 26219c 96368->96369 96369->96349 96371 21e684 BuildCatchObjectHelperInternal 96370->96371 96372 21e695 96371->96372 96373 21e6aa 96371->96373 96401 21f2d9 20 API calls _free 96372->96401 96379 21e6a5 __fread_nolock 96373->96379 96384 21918d EnterCriticalSection 96373->96384 96376 21e69a 96402 2227ec 26 API calls pre_c_initialization 96376->96402 96377 21e6c6 96385 21e602 96377->96385 96379->96348 96381 21e6d1 96403 21e6ee LeaveCriticalSection __fread_nolock 96381->96403 96383->96358 96384->96377 96386 21e624 96385->96386 96387 21e60f 96385->96387 96392 21e61f 96386->96392 96404 21dc0b 96386->96404 96436 21f2d9 20 API calls _free 96387->96436 96389 21e614 96437 2227ec 26 API calls pre_c_initialization 96389->96437 96392->96381 96397 21e646 96421 22862f 96397->96421 96400 2229c8 _free 20 API calls 96400->96392 96401->96376 96402->96379 96403->96379 96405 21dc1f 96404->96405 96406 21dc23 96404->96406 96410 224d7a 96405->96410 96406->96405 96407 21d955 __fread_nolock 26 API calls 96406->96407 96408 21dc43 96407->96408 96438 2259be 62 API calls 6 library calls 96408->96438 96411 224d90 96410->96411 96412 21e640 96410->96412 96411->96412 96413 2229c8 _free 20 API calls 96411->96413 96414 21d955 96412->96414 96413->96412 96415 21d961 96414->96415 96416 21d976 96414->96416 96439 21f2d9 20 API calls _free 96415->96439 96416->96397 96418 21d966 96440 2227ec 26 API calls pre_c_initialization 96418->96440 96420 21d971 96420->96397 96422 22863e 96421->96422 96426 228653 96421->96426 96444 21f2c6 20 API calls _free 96422->96444 96424 22868e 96446 
21f2c6 20 API calls _free 96424->96446 96425 228643 96445 21f2d9 20 API calls _free 96425->96445 96426->96424 96430 22867a 96426->96430 96428 228693 96447 21f2d9 20 API calls _free 96428->96447 96441 228607 96430->96441 96433 22869b 96448 2227ec 26 API calls pre_c_initialization 96433->96448 96434 21e64c 96434->96392 96434->96400 96436->96389 96437->96392 96438->96405 96439->96418 96440->96420 96449 228585 96441->96449 96443 22862b 96443->96434 96444->96425 96445->96434 96446->96428 96447->96433 96448->96434 96450 228591 BuildCatchObjectHelperInternal 96449->96450 96460 225147 EnterCriticalSection 96450->96460 96452 22859f 96453 2285d1 96452->96453 96454 2285c6 96452->96454 96461 21f2d9 20 API calls _free 96453->96461 96455 2286ae __wsopen_s 29 API calls 96454->96455 96457 2285cc 96455->96457 96462 2285fb LeaveCriticalSection __wsopen_s 96457->96462 96459 2285ee __fread_nolock 96459->96443 96460->96452 96461->96457 96462->96459 96463 1f3156 96466 1f3170 96463->96466 96467 1f3187 96466->96467 96468 1f318c 96467->96468 96469 1f31eb 96467->96469 96510 1f31e9 96467->96510 96470 1f3199 96468->96470 96471 1f3265 PostQuitMessage 96468->96471 96473 232dfb 96469->96473 96474 1f31f1 96469->96474 96478 1f31a4 96470->96478 96479 232e7c 96470->96479 96506 1f316a 96471->96506 96472 1f31d0 DefWindowProcW 96472->96506 96521 1f18e2 10 API calls 96473->96521 96475 1f321d SetTimer RegisterWindowMessageW 96474->96475 96476 1f31f8 96474->96476 96483 1f3246 CreatePopupMenu 96475->96483 96475->96506 96480 1f3201 KillTimer 96476->96480 96481 232d9c 96476->96481 96484 1f31ae 96478->96484 96485 232e68 96478->96485 96524 25bf30 34 API calls ___scrt_fastfail 96479->96524 96487 1f30f2 Shell_NotifyIconW 96480->96487 96493 232da1 96481->96493 96494 232dd7 MoveWindow 96481->96494 96482 232e1c 96522 20e499 42 API calls 96482->96522 96483->96506 96490 1f31b9 96484->96490 96491 232e4d 96484->96491 96511 25c161 96485->96511 96495 1f3214 96487->96495 96496 1f3253 96490->96496 96505 1f31c4 96490->96505 
96491->96472 96523 250ad7 22 API calls 96491->96523 96492 232e8e 96492->96472 96492->96506 96497 232da7 96493->96497 96498 232dc6 SetFocus 96493->96498 96494->96506 96518 1f3c50 DeleteObject DestroyWindow 96495->96518 96519 1f326f 44 API calls ___scrt_fastfail 96496->96519 96502 232db0 96497->96502 96497->96505 96498->96506 96520 1f18e2 10 API calls 96502->96520 96504 1f3263 96504->96506 96505->96472 96507 1f30f2 Shell_NotifyIconW 96505->96507 96508 232e41 96507->96508 96509 1f3837 49 API calls 96508->96509 96509->96510 96510->96472 96512 25c276 96511->96512 96513 25c179 ___scrt_fastfail 96511->96513 96512->96506 96514 1f3923 24 API calls 96513->96514 96516 25c1a0 96514->96516 96515 25c25f KillTimer SetTimer 96515->96512 96516->96515 96517 25c251 Shell_NotifyIconW 96516->96517 96517->96515 96518->96506 96519->96504 96520->96506 96521->96482 96522->96505 96523->96510 96524->96492 96525 1f1033 96530 1f4c91 96525->96530 96529 1f1042 96531 1fa961 22 API calls 96530->96531 96532 1f4cff 96531->96532 96538 1f3af0 96532->96538 96535 1f4d9c 96536 1f1038 96535->96536 96541 1f51f7 22 API calls __fread_nolock 96535->96541 96537 2100a3 29 API calls __onexit 96536->96537 96537->96529 96542 1f3b1c 96538->96542 96541->96535 96543 1f3b0f 96542->96543 96544 1f3b29 96542->96544 96543->96535 96544->96543 96545 1f3b30 RegOpenKeyExW 96544->96545 96545->96543 96546 1f3b4a RegQueryValueExW 96545->96546 96547 1f3b6b 96546->96547 96548 1f3b80 RegCloseKey 96546->96548 96547->96548 96548->96543 96549 243f75 96560 20ceb1 96549->96560 96551 243f8b 96559 244006 96551->96559 96569 20e300 23 API calls 96551->96569 96553 1fbf40 348 API calls 96554 244052 96553->96554 96557 244a88 96554->96557 96571 26359c 82 API calls __wsopen_s 96554->96571 96556 243fe6 96556->96554 96570 261abf 22 API calls 96556->96570 96559->96553 96561 20ced2 96560->96561 96562 20cebf 96560->96562 96564 20cf05 96561->96564 96565 20ced7 96561->96565 96563 1faceb 23 API calls 96562->96563 96568 20cec9 96563->96568 96567 1faceb 
23 API calls 96564->96567 96566 20fddb 22 API calls 96565->96566 96566->96568 96567->96568 96568->96551 96569->96556 96570->96559 96571->96557 96572 1f1cad SystemParametersInfoW 96573 2103fb 96574 210407 BuildCatchObjectHelperInternal 96573->96574 96602 20feb1 96574->96602 96576 210561 96632 21083f IsProcessorFeaturePresent IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter ___scrt_fastfail 96576->96632 96578 21040e 96578->96576 96580 210438 96578->96580 96579 210568 96625 214e52 96579->96625 96590 210477 ___scrt_is_nonwritable_in_current_image ___scrt_release_startup_lock 96580->96590 96613 22247d 96580->96613 96587 210457 96589 2104d8 96621 210959 96589->96621 96590->96589 96628 214e1a 38 API calls 3 library calls 96590->96628 96593 2104de 96594 2104f3 96593->96594 96629 210992 GetModuleHandleW 96594->96629 96596 2104fa 96596->96579 96597 2104fe 96596->96597 96598 210507 96597->96598 96630 214df5 28 API calls _abort 96597->96630 96631 210040 13 API calls 2 library calls 96598->96631 96601 21050f 96601->96587 96603 20feba 96602->96603 96634 210698 IsProcessorFeaturePresent 96603->96634 96605 20fec6 96635 212c94 10 API calls 3 library calls 96605->96635 96607 20fecb 96612 20fecf 96607->96612 96636 222317 96607->96636 96610 20fee6 96610->96578 96612->96578 96616 222494 96613->96616 96614 210a8c __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 96615 210451 96614->96615 96615->96587 96617 222421 96615->96617 96616->96614 96618 222450 96617->96618 96619 210a8c __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 96618->96619 96620 222479 96619->96620 96620->96590 96687 212340 96621->96687 96623 21096c GetStartupInfoW 96624 21097f 96623->96624 96624->96593 96689 214bcf 96625->96689 96628->96589 96629->96596 96630->96598 96631->96601 96632->96579 96634->96605 96635->96607 96640 22d1f6 96636->96640 96639 212cbd 8 API calls 3 library calls 96639->96612 96643 22d213 96640->96643 96644 22d20f 96640->96644 96642 20fed8 
96642->96610 96642->96639 96643->96644 96646 224bfb 96643->96646 96658 210a8c 96644->96658 96647 224c07 BuildCatchObjectHelperInternal 96646->96647 96665 222f5e EnterCriticalSection 96647->96665 96649 224c0e 96666 2250af 96649->96666 96651 224c1d 96652 224c2c 96651->96652 96679 224a8f 29 API calls 96651->96679 96681 224c48 LeaveCriticalSection _abort 96652->96681 96655 224c27 96680 224b45 GetStdHandle GetFileType 96655->96680 96656 224c3d __fread_nolock 96656->96643 96659 210a95 96658->96659 96660 210a97 IsProcessorFeaturePresent 96658->96660 96659->96642 96662 210c5d 96660->96662 96686 210c21 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 96662->96686 96664 210d40 96664->96642 96665->96649 96667 2250bb BuildCatchObjectHelperInternal 96666->96667 96668 2250c8 96667->96668 96669 2250df 96667->96669 96683 21f2d9 20 API calls _free 96668->96683 96682 222f5e EnterCriticalSection 96669->96682 96672 2250cd 96684 2227ec 26 API calls pre_c_initialization 96672->96684 96673 2250eb 96677 225000 __wsopen_s 21 API calls 96673->96677 96678 225117 96673->96678 96675 2250d7 __fread_nolock 96675->96651 96677->96673 96685 22513e LeaveCriticalSection _abort 96678->96685 96679->96655 96680->96652 96681->96656 96682->96673 96683->96672 96684->96675 96685->96675 96686->96664 96688 212357 96687->96688 96688->96623 96688->96688 96690 214bdb BuildCatchObjectHelperInternal 96689->96690 96691 214be2 96690->96691 96692 214bf4 96690->96692 96728 214d29 GetModuleHandleW 96691->96728 96713 222f5e EnterCriticalSection 96692->96713 96695 214be7 96695->96692 96729 214d6d GetModuleHandleExW 96695->96729 96696 214c99 96717 214cd9 96696->96717 96700 214c70 96705 214c88 96700->96705 96709 222421 _abort 5 API calls 96700->96709 96702 214bfb 96702->96696 96702->96700 96714 2221a8 96702->96714 96703 214ce2 96737 231d29 5 API calls __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 96703->96737 96704 214cb6 96720 214ce8 96704->96720 96710 222421 _abort 5 API 
calls 96705->96710 96709->96705 96710->96696 96713->96702 96738 221ee1 96714->96738 96757 222fa6 LeaveCriticalSection 96717->96757 96719 214cb2 96719->96703 96719->96704 96758 22360c 96720->96758 96723 214d16 96726 214d6d _abort 8 API calls 96723->96726 96724 214cf6 GetPEB 96724->96723 96725 214d06 GetCurrentProcess TerminateProcess 96724->96725 96725->96723 96727 214d1e ExitProcess 96726->96727 96728->96695 96730 214d97 GetProcAddress 96729->96730 96731 214dba 96729->96731 96732 214dac 96730->96732 96733 214dc0 FreeLibrary 96731->96733 96734 214dc9 96731->96734 96732->96731 96733->96734 96735 210a8c __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 96734->96735 96736 214bf3 96735->96736 96736->96692 96741 221e90 96738->96741 96740 221f05 96740->96700 96742 221e9c BuildCatchObjectHelperInternal 96741->96742 96749 222f5e EnterCriticalSection 96742->96749 96744 221eaa 96750 221f31 96744->96750 96748 221ec8 __fread_nolock 96748->96740 96749->96744 96751 221f51 96750->96751 96752 221f59 96750->96752 96753 210a8c __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 96751->96753 96752->96751 96755 2229c8 _free 20 API calls 96752->96755 96754 221eb7 96753->96754 96756 221ed5 LeaveCriticalSection _abort 96754->96756 96755->96751 96756->96748 96757->96719 96759 223631 96758->96759 96760 223627 96758->96760 96765 222fd7 5 API calls 2 library calls 96759->96765 96762 210a8c __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 96760->96762 96763 214cf2 96762->96763 96763->96723 96763->96724 96764 223648 96764->96760 96765->96764 96766 1f1044 96771 1f10f3 96766->96771 96768 1f104a 96807 2100a3 29 API calls __onexit 96768->96807 96770 1f1054 96808 1f1398 96771->96808 96775 1f116a 96776 1fa961 22 API calls 96775->96776 96777 1f1174 96776->96777 96778 1fa961 22 API calls 96777->96778 96779 1f117e 96778->96779 96780 1fa961 22 API calls 96779->96780 96781 1f1188 96780->96781 96782 1fa961 22 API calls 96781->96782 96783 1f11c6 96782->96783 
96784 1fa961 22 API calls 96783->96784 96785 1f1292 96784->96785 96818 1f171c 96785->96818 96789 1f12c4 96790 1fa961 22 API calls 96789->96790 96791 1f12ce 96790->96791 96792 201940 9 API calls 96791->96792 96793 1f12f9 96792->96793 96839 1f1aab 96793->96839 96795 1f1315 96796 1f1325 GetStdHandle 96795->96796 96797 232485 96796->96797 96799 1f137a 96796->96799 96798 23248e 96797->96798 96797->96799 96800 20fddb 22 API calls 96798->96800 96801 1f1387 OleInitialize 96799->96801 96802 232495 96800->96802 96801->96768 96846 26011d InitializeCriticalSectionAndSpinCount InterlockedExchange GetCurrentProcess GetCurrentProcess DuplicateHandle 96802->96846 96804 23249e 96847 260944 CreateThread 96804->96847 96806 2324aa CloseHandle 96806->96799 96807->96770 96848 1f13f1 96808->96848 96811 1f13f1 22 API calls 96812 1f13d0 96811->96812 96813 1fa961 22 API calls 96812->96813 96814 1f13dc 96813->96814 96815 1f6b57 22 API calls 96814->96815 96816 1f1129 96815->96816 96817 1f1bc3 6 API calls 96816->96817 96817->96775 96819 1fa961 22 API calls 96818->96819 96820 1f172c 96819->96820 96821 1fa961 22 API calls 96820->96821 96822 1f1734 96821->96822 96823 1fa961 22 API calls 96822->96823 96824 1f174f 96823->96824 96825 20fddb 22 API calls 96824->96825 96826 1f129c 96825->96826 96827 1f1b4a 96826->96827 96828 1f1b58 96827->96828 96829 1fa961 22 API calls 96828->96829 96830 1f1b63 96829->96830 96831 1fa961 22 API calls 96830->96831 96832 1f1b6e 96831->96832 96833 1fa961 22 API calls 96832->96833 96834 1f1b79 96833->96834 96835 1fa961 22 API calls 96834->96835 96836 1f1b84 96835->96836 96837 20fddb 22 API calls 96836->96837 96838 1f1b96 RegisterWindowMessageW 96837->96838 96838->96789 96840 1f1abb 96839->96840 96841 23272d 96839->96841 96842 20fddb 22 API calls 96840->96842 96855 263209 23 API calls 96841->96855 96844 1f1ac3 96842->96844 96844->96795 96845 232738 96846->96804 96847->96806 96856 26092a 28 API calls 96847->96856 96849 1fa961 22 API calls 96848->96849 96850 1f13fc 
96849->96850 96851 1fa961 22 API calls 96850->96851 96852 1f1404 96851->96852 96853 1fa961 22 API calls 96852->96853 96854 1f13c6 96853->96854 96854->96811 96855->96845 96857 1f2de3 96858 1f2df0 __wsopen_s 96857->96858 96859 1f2e09 96858->96859 96860 232c2b ___scrt_fastfail 96858->96860 96861 1f3aa2 23 API calls 96859->96861 96862 232c47 GetOpenFileNameW 96860->96862 96863 1f2e12 96861->96863 96864 232c96 96862->96864 96873 1f2da5 96863->96873 96866 1f6b57 22 API calls 96864->96866 96868 232cab 96866->96868 96868->96868 96870 1f2e27 96891 1f44a8 96870->96891 96874 231f50 __wsopen_s 96873->96874 96875 1f2db2 GetLongPathNameW 96874->96875 96876 1f6b57 22 API calls 96875->96876 96877 1f2dda 96876->96877 96878 1f3598 96877->96878 96879 1fa961 22 API calls 96878->96879 96880 1f35aa 96879->96880 96881 1f3aa2 23 API calls 96880->96881 96882 1f35b5 96881->96882 96883 1f35c0 96882->96883 96888 2332eb 96882->96888 96885 1f515f 22 API calls 96883->96885 96886 1f35cc 96885->96886 96920 1f35f3 96886->96920 96887 23330d 96888->96887 96926 20ce60 41 API calls 96888->96926 96890 1f35df 96890->96870 96892 1f4ecb 94 API calls 96891->96892 96893 1f44cd 96892->96893 96894 233833 96893->96894 96896 1f4ecb 94 API calls 96893->96896 96895 262cf9 80 API calls 96894->96895 96898 233848 96895->96898 96897 1f44e1 96896->96897 96897->96894 96899 1f44e9 96897->96899 96900 233869 96898->96900 96901 23384c 96898->96901 96902 233854 96899->96902 96903 1f44f5 96899->96903 96905 20fe0b 22 API calls 96900->96905 96904 1f4f39 68 API calls 96901->96904 96944 25da5a 82 API calls 96902->96944 96943 1f940c 136 API calls 2 library calls 96903->96943 96904->96902 96919 2338ae 96905->96919 96908 1f2e31 96909 233862 96909->96900 96910 1f4f39 68 API calls 96913 233a5f 96910->96913 96913->96910 96948 25989b 82 API calls __wsopen_s 96913->96948 96916 1f9cb3 22 API calls 96916->96919 96919->96913 96919->96916 96927 25967e 96919->96927 96930 2595ad 96919->96930 96945 260b5a 22 API calls 96919->96945 96946 1fa4a1 
22 API calls __fread_nolock 96919->96946 96947 1f3ff7 22 API calls 96919->96947 96921 1f3605 96920->96921 96925 1f3624 __fread_nolock 96920->96925 96924 20fe0b 22 API calls 96921->96924 96922 20fddb 22 API calls 96923 1f363b 96922->96923 96923->96890 96924->96925 96925->96922 96926->96888 96928 20fe0b 22 API calls 96927->96928 96929 2596ae __fread_nolock 96928->96929 96929->96919 96929->96929 96931 218e0b 40 API calls 96930->96931 96932 2595c4 96931->96932 96933 218e0b 40 API calls 96932->96933 96942 2595cb _wcslen 96932->96942 96934 2595e4 96933->96934 96935 218e0b 40 API calls 96934->96935 96934->96942 96936 2595fe 96935->96936 96937 1f7620 22 API calls 96936->96937 96936->96942 96938 25960e 96937->96938 96949 1f7650 GetStringTypeW 96938->96949 96940 259616 96950 1f773d GetStringTypeW _wcslen 96940->96950 96942->96919 96943->96908 96944->96909 96945->96919 96946->96919 96947->96919 96948->96913 96949->96940 96950->96942 96951 282a55 96959 261ebc 96951->96959 96954 282a70 96961 2539c0 22 API calls 96954->96961 96956 282a87 96957 282a7c 96962 25417d 22 API calls __fread_nolock 96957->96962 96960 261ec3 IsWindow 96959->96960 96960->96954 96960->96956 96961->96957 96962->96956

Control-flow Graph

[control_flow_graph 389, first block 1f42de-1f434d; legend: Executed, Not Executed]
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetVersionExW.KERNEL32(?), ref: 001F430D
                                                                                                                                                                                                                                                              • Part of subcall function 001F6B57: _wcslen.LIBCMT ref: 001F6B6A
                                                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(?,0028CB64,00000000,?,?), ref: 001F4422
                                                                                                                                                                                                                                                            • IsWow64Process.KERNEL32(00000000,?,?), ref: 001F4429
                                                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(kernel32.dll,?,?), ref: 001F4454
                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 001F4466
                                                                                                                                                                                                                                                            • GetNativeSystemInfo.KERNELBASE(?,?,?), ref: 001F4474
                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,?), ref: 001F447B
                                                                                                                                                                                                                                                            • GetSystemInfo.KERNEL32(?,?,?), ref: 001F44A0
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: InfoLibraryProcessSystem$AddressCurrentFreeLoadNativeProcVersionWow64_wcslen
                                                                                                                                                                                                                                                            • String ID: GetNativeSystemInfo$kernel32.dll$|O
                                                                                                                                                                                                                                                            • API String ID: 3290436268-3101561225

                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • CreateStreamOnHGlobal.COMBASE(00000000,00000001,?,?,?,?,?,001F50AA,?,?,00000000,00000000), ref: 001F42B2
                                                                                                                                                                                                                                                            • FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,001F50AA,?,?,00000000,00000000), ref: 001F42C9
                                                                                                                                                                                                                                                            • LoadResource.KERNEL32(?,00000000,?,?,001F50AA,?,?,00000000,00000000,?,?,?,?,?,?,001F4F20), ref: 002335BE
                                                                                                                                                                                                                                                            • SizeofResource.KERNEL32(?,00000000,?,?,001F50AA,?,?,00000000,00000000,?,?,?,?,?,?,001F4F20), ref: 002335D3
                                                                                                                                                                                                                                                            • LockResource.KERNEL32(001F50AA,?,?,001F50AA,?,?,00000000,00000000,?,?,?,?,?,?,001F4F20,?), ref: 002335E6
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Resource$CreateFindGlobalLoadLockSizeofStream
                                                                                                                                                                                                                                                            • String ID: SCRIPT
                                                                                                                                                                                                                                                            • API String ID: 3051347437-3967369404

                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 001F2B6B
                                                                                                                                                                                                                                                              • Part of subcall function 001F3A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,002C1418,?,001F2E7F,?,?,?,00000000), ref: 001F3A78
                                                                                                                                                                                                                                                              • Part of subcall function 001F9CB3: _wcslen.LIBCMT ref: 001F9CBD
                                                                                                                                                                                                                                                            • GetForegroundWindow.USER32(runas,?,?,?,?,?,002B2224), ref: 00232C10
                                                                                                                                                                                                                                                            • ShellExecuteW.SHELL32(00000000,?,?,002B2224), ref: 00232C17
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CurrentDirectoryExecuteFileForegroundModuleNameShellWindow_wcslen
                                                                                                                                                                                                                                                            • String ID: runas
                                                                                                                                                                                                                                                            • API String ID: 448630720-4000483414

                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • CreateToolhelp32Snapshot.KERNEL32 ref: 0025D501
                                                                                                                                                                                                                                                            • Process32FirstW.KERNEL32(00000000,?), ref: 0025D50F
                                                                                                                                                                                                                                                            • Process32NextW.KERNEL32(00000000,?), ref: 0025D52F
                                                                                                                                                                                                                                                            • CloseHandle.KERNELBASE(00000000), ref: 0025D5DC
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 420147892-0

APIs
• lstrlenW.KERNEL32(?,00235222), ref: 0025DBCE
• GetFileAttributesW.KERNELBASE(?), ref: 0025DBDD
• FindFirstFileW.KERNEL32(?,?), ref: 0025DBEE
• FindClose.KERNEL32(00000000), ref: 0025DBFA
Memory Dump Source
• Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
• Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_1f0000_file.jbxd
Similarity
• API ID: FileFind$AttributesCloseFirstlstrlen
• String ID:
• API String ID: 2695905019-0
APIs
• GetCurrentProcess.KERNEL32(002228E9,?,00214CBE,002228E9,002B88B8,0000000C,00214E15,002228E9,00000002,00000000,?,002228E9), ref: 00214D09
• TerminateProcess.KERNEL32(00000000,?,00214CBE,002228E9,002B88B8,0000000C,00214E15,002228E9,00000002,00000000,?,002228E9), ref: 00214D10
• ExitProcess.KERNEL32 ref: 00214D22
Memory Dump Source
• Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
• Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_1f0000_file.jbxd
Similarity
• API ID: Process$CurrentExitTerminate
• String ID:
• API String ID: 1703294689-0
Strings
Memory Dump Source
• Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
• Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_1f0000_file.jbxd
Similarity
• API ID: BuffCharUpper
• String ID: p#,
• API String ID: 3964851224-667003584

                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 0027B198
                                                                                                                                                                                                                                                            • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 0027B1B0
                                                                                                                                                                                                                                                            • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 0027B1D4
                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 0027B200
                                                                                                                                                                                                                                                            • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 0027B214
                                                                                                                                                                                                                                                            • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 0027B236
                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 0027B332
                                                                                                                                                                                                                                                              • Part of subcall function 002605A7: GetStdHandle.KERNEL32(000000F6), ref: 002605C6
                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 0027B34B
                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 0027B366
                                                                                                                                                                                                                                                            • CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 0027B3B6
                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(00000000), ref: 0027B407
                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 0027B439
                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 0027B44A
                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 0027B45C
                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 0027B46E
                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 0027B4E3
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
• Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Handle$Close_wcslen$Directory$CurrentSystem$CreateErrorLastProcess
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 2178637699-0
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetInputState.USER32 ref: 001FD807
                                                                                                                                                                                                                                                            • timeGetTime.WINMM ref: 001FDA07
                                                                                                                                                                                                                                                            • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 001FDB28
                                                                                                                                                                                                                                                            • TranslateMessage.USER32(?), ref: 001FDB7B
                                                                                                                                                                                                                                                            • DispatchMessageW.USER32(?), ref: 001FDB89
                                                                                                                                                                                                                                                            • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 001FDB9F
                                                                                                                                                                                                                                                            • Sleep.KERNELBASE(0000000A), ref: 001FDBB1
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
• Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Message$Peek$DispatchInputSleepStateTimeTranslatetime
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 2189390790-0

                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetSysColorBrush.USER32(0000000F), ref: 001F2D07
                                                                                                                                                                                                                                                            • RegisterClassExW.USER32(00000030), ref: 001F2D31
                                                                                                                                                                                                                                                            • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 001F2D42
                                                                                                                                                                                                                                                            • InitCommonControlsEx.COMCTL32(?), ref: 001F2D5F
                                                                                                                                                                                                                                                            • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 001F2D6F
                                                                                                                                                                                                                                                            • LoadIconW.USER32(000000A9), ref: 001F2D85
                                                                                                                                                                                                                                                            • ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 001F2D94
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
• Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
                                                                                                                                                                                                                                                            • String ID: +$0$AutoIt v3 GUI$TaskbarCreated
                                                                                                                                                                                                                                                            • API String ID: 2914291525-1005189915

                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 0023039A: CreateFileW.KERNELBASE(00000000,00000000,?,00230704,?,?,00000000,?,00230704,00000000,0000000C), ref: 002303B7
                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 0023076F
                                                                                                                                                                                                                                                            • __dosmaperr.LIBCMT ref: 00230776
                                                                                                                                                                                                                                                            • GetFileType.KERNELBASE(00000000), ref: 00230782
                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 0023078C
                                                                                                                                                                                                                                                            • __dosmaperr.LIBCMT ref: 00230795
                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 002307B5
                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 002308FF
                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00230931
                                                                                                                                                                                                                                                            • __dosmaperr.LIBCMT ref: 00230938
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
• Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                                                                                                                                                                                                                                            • String ID: H
                                                                                                                                                                                                                                                            • API String ID: 4237864984-2852464175
                                                                                                                                                                                                                                                            • Opcode ID: 01cc5d2a96cb91e79313b666161e31d962bd56e799701dabdd2c12cd632444d5
                                                                                                                                                                                                                                                            • Instruction ID: 035e3b3aad339d9f39fb1269bfb8c9702ced0e97eea6139d832261acb6e530a9
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 01cc5d2a96cb91e79313b666161e31d962bd56e799701dabdd2c12cd632444d5
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 99A13872A201498FDF19EF68DCA5BAD7BB0AB46320F14015DF8159B2D1CB319C62CFA1

                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 001F3A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,002C1418,?,001F2E7F,?,?,?,00000000), ref: 001F3A78
                                                                                                                                                                                                                                                              • Part of subcall function 001F3357: GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 001F3379
                                                                                                                                                                                                                                                            • RegOpenKeyExW.KERNELBASE(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 001F356A
                                                                                                                                                                                                                                                            • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 0023318D
                                                                                                                                                                                                                                                            • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 002331CE
                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 00233210
                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00233277
                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00233286
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
• Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: NameQueryValue_wcslen$CloseFileFullModuleOpenPath
                                                                                                                                                                                                                                                            • String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
                                                                                                                                                                                                                                                            • API String ID: 98802146-2727554177
                                                                                                                                                                                                                                                            • Opcode ID: e1c7dfac3bc4ecb5095e299521572ed6c9e6adcb3e4bee0229e7a654af5ea8f6
                                                                                                                                                                                                                                                            • Instruction ID: 873b116859718ddcdfb5fe21946eddc598cee571be2912c281c4a69bfd6e1ec8
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e1c7dfac3bc4ecb5095e299521572ed6c9e6adcb3e4bee0229e7a654af5ea8f6
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: EA7189B1414345DEC314EF65EC85DABBBE8FF95340F40056EF945931A0EB749A48CB62

                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetSysColorBrush.USER32(0000000F), ref: 001F2B8E
                                                                                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F00), ref: 001F2B9D
                                                                                                                                                                                                                                                            • LoadIconW.USER32(00000063), ref: 001F2BB3
                                                                                                                                                                                                                                                            • LoadIconW.USER32(000000A4), ref: 001F2BC5
                                                                                                                                                                                                                                                            • LoadIconW.USER32(000000A2), ref: 001F2BD7
                                                                                                                                                                                                                                                            • LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 001F2BEF
                                                                                                                                                                                                                                                            • RegisterClassExW.USER32(?), ref: 001F2C40
                                                                                                                                                                                                                                                              • Part of subcall function 001F2CD4: GetSysColorBrush.USER32(0000000F), ref: 001F2D07
                                                                                                                                                                                                                                                              • Part of subcall function 001F2CD4: RegisterClassExW.USER32(00000030), ref: 001F2D31
                                                                                                                                                                                                                                                              • Part of subcall function 001F2CD4: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 001F2D42
                                                                                                                                                                                                                                                              • Part of subcall function 001F2CD4: InitCommonControlsEx.COMCTL32(?), ref: 001F2D5F
                                                                                                                                                                                                                                                              • Part of subcall function 001F2CD4: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 001F2D6F
                                                                                                                                                                                                                                                              • Part of subcall function 001F2CD4: LoadIconW.USER32(000000A9), ref: 001F2D85
                                                                                                                                                                                                                                                              • Part of subcall function 001F2CD4: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 001F2D94
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
• Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
                                                                                                                                                                                                                                                            • String ID: #$0$AutoIt v3
                                                                                                                                                                                                                                                            • API String ID: 423443420-4155596026
                                                                                                                                                                                                                                                            • Opcode ID: 2045e4ae40c7e3e331c99b7ba762f7201ca6d79e71a0240e77b6a6aa40f48c52
                                                                                                                                                                                                                                                            • Instruction ID: e5497b53f321ed462aa929e64408afeefdfe1b478b90828b88f9afc42455e8d2
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2045e4ae40c7e3e331c99b7ba762f7201ca6d79e71a0240e77b6a6aa40f48c52
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5E217C74E01398ABDB109FA5FC4EEA9BFB4FB49B44F14009AE600A36A1D3B54520CF90

                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • DefWindowProcW.USER32(?,?,?,?,?,?,?,?,?,001F316A,?,?), ref: 001F31D8
                                                                                                                                                                                                                                                            • KillTimer.USER32(?,00000001,?,?,?,?,?,001F316A,?,?), ref: 001F3204
                                                                                                                                                                                                                                                            • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 001F3227
                                                                                                                                                                                                                                                            • RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,001F316A,?,?), ref: 001F3232
                                                                                                                                                                                                                                                            • CreatePopupMenu.USER32 ref: 001F3246
                                                                                                                                                                                                                                                            • PostQuitMessage.USER32(00000000), ref: 001F3267
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
• Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
                                                                                                                                                                                                                                                            • String ID: TaskbarCreated
                                                                                                                                                                                                                                                            • API String ID: 129472671-2362178303
                                                                                                                                                                                                                                                            • Opcode ID: ca8c0f56df7e825a1699e6b2fe659ff2317c4c9fcfbbc9e3337650a82a67efe6
                                                                                                                                                                                                                                                            • Instruction ID: 79ae510ede08cfd2f295b82e04d1973dec5b227a99823283e446ffcbb420f6ff
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ca8c0f56df7e825a1699e6b2fe659ff2317c4c9fcfbbc9e3337650a82a67efe6
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 70413B3926420CE7DB183F78AD1FF793619EB06344F14011AFB26862A2CB71DA64D771

APIs
• mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 001F1459
• CoUninitialize.COMBASE ref: 001F14F8
• UnregisterHotKey.USER32(?), ref: 001F16DD
• DestroyWindow.USER32(?), ref: 002324B9
• FreeLibrary.KERNEL32(?), ref: 0023251E
• VirtualFree.KERNEL32(?,00000000,00008000), ref: 0023254B
Strings
Memory Dump Source
• Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
• Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_1f0000_file.jbxd
Similarity
• API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
• String ID: close all
• API String ID: 469580280-3243417748

APIs
• CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 001F2C91
• CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 001F2CB2
• ShowWindow.USER32(00000000,?,?,?,?,?,?,001F1CAD,?), ref: 001F2CC6
• ShowWindow.USER32(00000000,?,?,?,?,?,?,001F1CAD,?), ref: 001F2CCF
Strings
Memory Dump Source
• Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
• Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_1f0000_file.jbxd
Similarity
• API ID: Window$CreateShow
• String ID: AutoIt v3$edit
• API String ID: 1584632944-3779509399

APIs
• RegOpenKeyExW.KERNELBASE(80000001,Control Panel\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,001F3B0F,SwapMouseButtons,00000004,?), ref: 001F3B40
• RegQueryValueExW.KERNELBASE(00000000,00000000,00000000,00000000,?,?,?,?,?,80000001,80000001,?,001F3B0F,SwapMouseButtons,00000004,?), ref: 001F3B61
• RegCloseKey.KERNELBASE(00000000,?,?,?,80000001,80000001,?,001F3B0F,SwapMouseButtons,00000004,?), ref: 001F3B83
Strings
Memory Dump Source
• Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
• Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_1f0000_file.jbxd
Similarity
• API ID: CloseOpenQueryValue
• String ID: Control Panel\Mouse
• API String ID: 3677997916-824357125
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 002333A2
                                                                                                                                                                                                                                                              • Part of subcall function 001F6B57: _wcslen.LIBCMT ref: 001F6B6A
                                                                                                                                                                                                                                                            • Shell_NotifyIconW.SHELL32(00000001,?), ref: 001F3A04
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: IconLoadNotifyShell_String_wcslen
                                                                                                                                                                                                                                                            • String ID: Line:
                                                                                                                                                                                                                                                            • API String ID: 2289894680-1585850449
                                                                                                                                                                                                                                                            • Opcode ID: 2fdac07632e7b15d8cbf20f9b36ec588de43809a9cd4afebb37ccbbb0fe34d90
                                                                                                                                                                                                                                                            • Instruction ID: 50c1e3233d2db038ef805b5ac6bcd9a330fe61a67557a477c1e169c2f2192ca8
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2fdac07632e7b15d8cbf20f9b36ec588de43809a9cd4afebb37ccbbb0fe34d90
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DB31E571408309AAC325EB10EC4AFFBB3E8BF51354F10456AF6A983091DB709B68C7C2
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetOpenFileNameW.COMDLG32(?), ref: 00232C8C
                                                                                                                                                                                                                                                              • Part of subcall function 001F3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,001F3A97,?,?,001F2E7F,?,?,?,00000000), ref: 001F3AC2
                                                                                                                                                                                                                                                              • Part of subcall function 001F2DA5: GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 001F2DC4
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Name$Path$FileFullLongOpen
                                                                                                                                                                                                                                                            • String ID: X$`e+
                                                                                                                                                                                                                                                            • API String ID: 779396738-502327036
                                                                                                                                                                                                                                                            • Opcode ID: 5f4880e30c2df54d3bba32f2ac75f5843a14725ae5d518a640c74652a06778c4
                                                                                                                                                                                                                                                            • Instruction ID: 2e936bffcec02d5fe2331829c1d238ad0d87223d62d9466e1e7b436a21b8164c
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5f4880e30c2df54d3bba32f2ac75f5843a14725ae5d518a640c74652a06778c4
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0B21A571A1029C9FCF11DF94C849BEE7BF8AF59304F10405AE505B7241DBB85A998F61
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 00210668
                                                                                                                                                                                                                                                              • Part of subcall function 002132A4: RaiseException.KERNEL32(?,?,?,0021068A,?,002C1444,?,?,?,?,?,?,0021068A,001F1129,002B8738,001F1129), ref: 00213304
                                                                                                                                                                                                                                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 00210685
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Exception@8Throw$ExceptionRaise
                                                                                                                                                                                                                                                            • String ID: Unknown exception
                                                                                                                                                                                                                                                            • API String ID: 3476068407-410509341
                                                                                                                                                                                                                                                            • Opcode ID: 435161a19d748697d78118967e00e7a11b8c0561c2fb0ddaeb53c90cdd47c470
                                                                                                                                                                                                                                                            • Instruction ID: 43c45cd3a4dd0a94506a180b95e5fda52a5abc33dba2c8188618e1750612d27e
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 435161a19d748697d78118967e00e7a11b8c0561c2fb0ddaeb53c90cdd47c470
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 17F0C83492030D77CB14BA64DC86CDD77ED6E20350B604171B918959D2EFB1DAF5C9C0
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 001F1BC3: MapVirtualKeyW.USER32(0000005B,00000000), ref: 001F1BF4
                                                                                                                                                                                                                                                              • Part of subcall function 001F1BC3: MapVirtualKeyW.USER32(00000010,00000000), ref: 001F1BFC
                                                                                                                                                                                                                                                              • Part of subcall function 001F1BC3: MapVirtualKeyW.USER32(000000A0,00000000), ref: 001F1C07
                                                                                                                                                                                                                                                              • Part of subcall function 001F1BC3: MapVirtualKeyW.USER32(000000A1,00000000), ref: 001F1C12
                                                                                                                                                                                                                                                              • Part of subcall function 001F1BC3: MapVirtualKeyW.USER32(00000011,00000000), ref: 001F1C1A
                                                                                                                                                                                                                                                              • Part of subcall function 001F1BC3: MapVirtualKeyW.USER32(00000012,00000000), ref: 001F1C22
                                                                                                                                                                                                                                                              • Part of subcall function 001F1B4A: RegisterWindowMessageW.USER32(00000004,?,001F12C4), ref: 001F1BA2
                                                                                                                                                                                                                                                            • GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 001F136A
                                                                                                                                                                                                                                                            • OleInitialize.OLE32 ref: 001F1388
                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,00000000), ref: 002324AB
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 1986988660-0
                                                                                                                                                                                                                                                            • Opcode ID: 73d968d76d4369af58d9a9e1ac6d0c81eb68531befadd1a85bbb8d3cfd29dcd5
                                                                                                                                                                                                                                                            • Instruction ID: ea15d4c88452d2bcc5018964db6f05a74d9cbf6f8548da463c898e865481d915
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 73d968d76d4369af58d9a9e1ac6d0c81eb68531befadd1a85bbb8d3cfd29dcd5
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2171A0B49152048ED398EF79B94FE653AE4FB9A3847A4826ED10AC7363E7308435CF54
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 001F3923: Shell_NotifyIconW.SHELL32(00000001,?), ref: 001F3A04
                                                                                                                                                                                                                                                            • Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 0025C259
                                                                                                                                                                                                                                                            • KillTimer.USER32(?,00000001,?,?), ref: 0025C261
                                                                                                                                                                                                                                                            • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 0025C270
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: IconNotifyShell_Timer$Kill
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3500052701-0
APIs
• CloseHandle.KERNELBASE(00000000,00000000,?,?,002285CC,?,002B8CC8,0000000C), ref: 00228704
• GetLastError.KERNEL32(?,002285CC,?,002B8CC8,0000000C), ref: 0022870E
• __dosmaperr.LIBCMT ref: 00228739
Memory Dump Source
• Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
• Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_1f0000_file.jbxd
Similarity
• API ID: CloseErrorHandleLast__dosmaperr
• String ID:
• API String ID: 2583163307-0
APIs
• TranslateMessage.USER32(?), ref: 001FDB7B
• DispatchMessageW.USER32(?), ref: 001FDB89
• PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 001FDB9F
• Sleep.KERNELBASE(0000000A), ref: 001FDBB1
• TranslateAcceleratorW.USER32(?,?,?), ref: 00241CC9
Similarity
• API ID: Message$Translate$AcceleratorDispatchPeekSleep
• String ID:
• API String ID: 3288985973-0
APIs
• __Init_thread_footer.LIBCMT ref: 002017F6
Strings
Similarity
• API ID: Init_thread_footer
• String ID: CALL
• API String ID: 1385522511-4196123274
APIs
• Shell_NotifyIconW.SHELL32(00000000,?), ref: 001F3908
Similarity
• API ID: IconNotifyShell_
• String ID:
• API String ID: 1144537725-0
APIs
• timeGetTime.WINMM ref: 0020F661
  • Part of subcall function 001FD730: GetInputState.USER32 ref: 001FD807
• Sleep.KERNEL32(00000000), ref: 0024F2DE
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: InputSleepStateTimetime
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 4149333218-0
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 001F4E90: LoadLibraryA.KERNEL32(kernel32.dll,?,?,001F4EDD,?,002C1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 001F4E9C
                                                                                                                                                                                                                                                              • Part of subcall function 001F4E90: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 001F4EAE
                                                                                                                                                                                                                                                              • Part of subcall function 001F4E90: FreeLibrary.KERNEL32(00000000,?,?,001F4EDD,?,002C1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 001F4EC0
                                                                                                                                                                                                                                                            • LoadLibraryExW.KERNEL32(?,00000000,00000002,?,002C1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 001F4EFD
                                                                                                                                                                                                                                                              • Part of subcall function 001F4E59: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00233CDE,?,002C1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 001F4E62
                                                                                                                                                                                                                                                              • Part of subcall function 001F4E59: GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 001F4E74
                                                                                                                                                                                                                                                              • Part of subcall function 001F4E59: FreeLibrary.KERNEL32(00000000,?,?,00233CDE,?,002C1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 001F4E87
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Library$Load$AddressFreeProc
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 2632591731-0
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: __wsopen_s
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3347428461-0
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 00224C7D: RtlAllocateHeap.NTDLL(00000008,001F1129,00000000,?,00222E29,00000001,00000364,?,?,?,0021F2DE,00223863,002C1444,?,0020FDF5,?), ref: 00224CBE
                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0022506C
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: AllocateHeap_free
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 614378929-0
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • RtlAllocateHeap.NTDLL(00000008,001F1129,00000000,?,00222E29,00000001,00000364,?,?,?,0021F2DE,00223863,002C1444,?,0020FDF5,?), ref: 00224CBE
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
Similarity
• API ID: AllocateHeap
• String ID:
• API String ID: 1279760036-0
APIs
• RtlAllocateHeap.NTDLL(00000000,?,002C1444,?,0020FDF5,?,?,001FA976,00000010,002C1440,001F13FC,?,001F13C6,?,001F1129), ref: 00223852
Similarity
• API ID: AllocateHeap
• String ID:
• API String ID: 1279760036-0
APIs
• FreeLibrary.KERNEL32(?,?,002C1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 001F4F6D
Similarity
• API ID: FreeLibrary
• String ID:
• API String ID: 3664257935-0
APIs
• IsWindow.USER32(00000000), ref: 00282A66
Similarity
• API ID: Window
• String ID:
• API String ID: 2353593579-0
APIs
• Shell_NotifyIconW.SHELL32(00000002,?), ref: 001F314E
Similarity
• API ID: IconNotifyShell_
• String ID:
• API String ID: 1144537725-0
APIs
• GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 001F2DC4
  • Part of subcall function 001F6B57: _wcslen.LIBCMT ref: 001F6B6A
Similarity
• API ID: LongNamePath_wcslen
• String ID:
• API String ID: 541455249-0
                                                                                                                                                                                                                                                            • Opcode ID: 6b463e56d54fee1c1ac5de36dc81239fec124b91f6817e874e779d33ca3aa4c8
                                                                                                                                                                                                                                                            • Instruction ID: 22152f6423c3d0be30102cb68508d75fa0cf85fd7dc8fae5c082b77d6735a7d7
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6b463e56d54fee1c1ac5de36dc81239fec124b91f6817e874e779d33ca3aa4c8
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2BE0CD766002245BC72092589C05FEA77DDDFC8790F040071FD09D724CDA70AD808650
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 001F3837: Shell_NotifyIconW.SHELL32(00000000,?), ref: 001F3908
                                                                                                                                                                                                                                                              • Part of subcall function 001FD730: GetInputState.USER32 ref: 001FD807
                                                                                                                                                                                                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 001F2B6B
                                                                                                                                                                                                                                                              • Part of subcall function 001F30F2: Shell_NotifyIconW.SHELL32(00000002,?), ref: 001F314E
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: IconNotifyShell_$CurrentDirectoryInputState
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3667716007-0
                                                                                                                                                                                                                                                            • Opcode ID: 49feddf87171f86e00ee4ddebf8d3e94138724c89ac21c09b9028e7b28b5f7f2
                                                                                                                                                                                                                                                            • Instruction ID: ea37703a49eff45bb4c6d1c97ac1575b2bc78a56f2f4766db3094e40d2353c39
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 49feddf87171f86e00ee4ddebf8d3e94138724c89ac21c09b9028e7b28b5f7f2
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 90E0863130424C06C618BB75B85797DB759DBF2356F40163EF75647163CF2485564351
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • CreateFileW.KERNELBASE(00000000,00000000,?,00230704,?,?,00000000,?,00230704,00000000,0000000C), ref: 002303B7
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CreateFile
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 823142352-0
                                                                                                                                                                                                                                                            • Opcode ID: a01a5d953e71826e57d68e42454621c1c2d178fcca4549e432cf1477dd95f5eb
                                                                                                                                                                                                                                                            • Instruction ID: 4016fd87fb2d6ddd99db3034808a32d51b320f48ea468b398ad9d4ecca715427
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a01a5d953e71826e57d68e42454621c1c2d178fcca4549e432cf1477dd95f5eb
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 63D06C3204010DBBDF028F84ED4AEDA3BAAFB48714F114000BE1856020C732E821AB90
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • SystemParametersInfoW.USER32(00002001,00000000,00000002), ref: 001F1CBC
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: InfoParametersSystem
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3098949447-0
                                                                                                                                                                                                                                                            • Opcode ID: 097b116ab79d387e6db9fe5aa51a0727a3de846681b79fd50719117c75cc77e3
                                                                                                                                                                                                                                                            • Instruction ID: 03c4eda382caf33740c407369f501718ccecb4a956f7b8293a58bfcd714d3d0a
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 097b116ab79d387e6db9fe5aa51a0727a3de846681b79fd50719117c75cc77e3
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1CC09B35280304DFF6145780BC4FF117754E348B04F544001F609759E3C7F11420D750
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 00209BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00209BB2
                                                                                                                                                                                                                                                            • DefDlgProcW.USER32(?,0000004E,?,?,?,?,?,?), ref: 0028961A
                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0028965B
                                                                                                                                                                                                                                                            • GetWindowLongW.USER32(FFFFFDD9,000000F0), ref: 0028969F
                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 002896C9
                                                                                                                                                                                                                                                            • SendMessageW.USER32 ref: 002896F2
                                                                                                                                                                                                                                                            • GetKeyState.USER32(00000011), ref: 0028978B
                                                                                                                                                                                                                                                            • GetKeyState.USER32(00000009), ref: 00289798
                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 002897AE
                                                                                                                                                                                                                                                            • GetKeyState.USER32(00000010), ref: 002897B8
                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 002897E9
                                                                                                                                                                                                                                                            • SendMessageW.USER32 ref: 00289810
                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001030,?,00287E95), ref: 00289918
                                                                                                                                                                                                                                                            • ImageList_SetDragCursorImage.COMCTL32(00000000,00000000,00000000,?,?,?), ref: 0028992E
                                                                                                                                                                                                                                                            • ImageList_BeginDrag.COMCTL32(00000000,000000F8,000000F0), ref: 00289941
                                                                                                                                                                                                                                                            • SetCapture.USER32(?), ref: 0028994A
                                                                                                                                                                                                                                                            • ClientToScreen.USER32(?,?), ref: 002899AF
                                                                                                                                                                                                                                                            • ImageList_DragEnter.COMCTL32(00000000,?,?), ref: 002899BC
                                                                                                                                                                                                                                                            • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 002899D6
                                                                                                                                                                                                                                                            • ReleaseCapture.USER32 ref: 002899E1
                                                                                                                                                                                                                                                            • GetCursorPos.USER32(?), ref: 00289A19
                                                                                                                                                                                                                                                            • ScreenToClient.USER32(?,?), ref: 00289A26
                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001012,00000000,?), ref: 00289A80
                                                                                                                                                                                                                                                            • SendMessageW.USER32 ref: 00289AAE
                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001111,00000000,?), ref: 00289AEB
                                                                                                                                                                                                                                                            • SendMessageW.USER32 ref: 00289B1A
                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 00289B3B
                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000110B,00000009,?), ref: 00289B4A
                                                                                                                                                                                                                                                            • GetCursorPos.USER32(?), ref: 00289B68
                                                                                                                                                                                                                                                            • ScreenToClient.USER32(?,?), ref: 00289B75
                                                                                                                                                                                                                                                            • GetParent.USER32(?), ref: 00289B93
                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001012,00000000,?), ref: 00289BFA
                                                                                                                                                                                                                                                            • SendMessageW.USER32 ref: 00289C2B
                                                                                                                                                                                                                                                            • ClientToScreen.USER32(?,?), ref: 00289C84
                                                                                                                                                                                                                                                            • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 00289CB4
                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001111,00000000,?), ref: 00289CDE
                                                                                                                                                                                                                                                            • SendMessageW.USER32 ref: 00289D01
                                                                                                                                                                                                                                                            • ClientToScreen.USER32(?,?), ref: 00289D4E
                                                                                                                                                                                                                                                            • TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 00289D82
                                                                                                                                                                                                                                                              • Part of subcall function 00209944: GetWindowLongW.USER32(?,000000EB), ref: 00209952
                                                                                                                                                                                                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 00289E05
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
• Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: MessageSend$ClientScreen$ImageLongWindow$CursorDragList_State$CaptureMenuPopupTrack$BeginEnterInvalidateParentProcRectRelease
                                                                                                                                                                                                                                                            • String ID: @GUI_DRAGID$F$p#,
                                                                                                                                                                                                                                                            • API String ID: 3429851547-3654412654
                                                                                                                                                                                                                                                            • Opcode ID: d9a5a0560492f06687af5f5439df3a904e5ad57126f183d664284f1b154c7d05
                                                                                                                                                                                                                                                            • Instruction ID: 24383df9695869f4d0f0c9459cd67adfd6a4675be6bb831bd4b742bd272e8927
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d9a5a0560492f06687af5f5439df3a904e5ad57126f183d664284f1b154c7d05
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1D429E78616211AFD724EF24DC48EBABBE9FF49310F180619F555872E1E731A8A0CF51
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000408,00000000,00000000), ref: 002848F3
                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000188,00000000,00000000), ref: 00284908
                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,0000018A,00000000,00000000), ref: 00284927
                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000148,00000000,00000000), ref: 0028494B
                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000147,00000000,00000000), ref: 0028495C
                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000149,00000000,00000000), ref: 0028497B
                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,0000130B,00000000,00000000), ref: 002849AE
                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,0000133C,00000000,?), ref: 002849D4
                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,0000110A,00000009,00000000), ref: 00284A0F
                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00284A56
                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00284A7E
                                                                                                                                                                                                                                                            • IsMenu.USER32(?), ref: 00284A97
                                                                                                                                                                                                                                                            • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00284AF2
                                                                                                                                                                                                                                                            • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00284B20
                                                                                                                                                                                                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 00284B94
                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000113E,00000000,00000008), ref: 00284BE3
                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00001001,00000000,?), ref: 00284C82
                                                                                                                                                                                                                                                            • wsprintfW.USER32 ref: 00284CAE
                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00284CC9
                                                                                                                                                                                                                                                            • GetWindowTextW.USER32(?,00000000,00000001), ref: 00284CF1
                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 00284D13
                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00284D33
                                                                                                                                                                                                                                                            • GetWindowTextW.USER32(?,00000000,00000001), ref: 00284D5A
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
• Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: MessageSend$MenuWindow$InfoItemText$Longwsprintf
                                                                                                                                                                                                                                                            • String ID: %d/%02d/%02d
                                                                                                                                                                                                                                                            • API String ID: 4054740463-328681919
                                                                                                                                                                                                                                                            • Opcode ID: dc6bebcce4f3d3837c4fea44369c5a9ca31a99a1ff6010fbe5ffd9a7fa15d192
                                                                                                                                                                                                                                                            • Instruction ID: d41baded1ba004b13736a7f67a2aa5ecb16dbb5b999379187a3769389da13556
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: dc6bebcce4f3d3837c4fea44369c5a9ca31a99a1ff6010fbe5ffd9a7fa15d192
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C7124439522256ABEB28BF24DC49FAE7BF8EF85300F104129F915EB2E1D7749950CB50
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetForegroundWindow.USER32(00000000,00000000,00000000), ref: 0020F998
                                                                                                                                                                                                                                                            • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0024F474
                                                                                                                                                                                                                                                            • IsIconic.USER32(00000000), ref: 0024F47D
                                                                                                                                                                                                                                                            • ShowWindow.USER32(00000000,00000009), ref: 0024F48A
                                                                                                                                                                                                                                                            • SetForegroundWindow.USER32(00000000), ref: 0024F494
                                                                                                                                                                                                                                                            • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 0024F4AA
                                                                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 0024F4B1
                                                                                                                                                                                                                                                            • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 0024F4BD
                                                                                                                                                                                                                                                            • AttachThreadInput.USER32(?,00000000,00000001), ref: 0024F4CE
                                                                                                                                                                                                                                                            • AttachThreadInput.USER32(?,00000000,00000001), ref: 0024F4D6
                                                                                                                                                                                                                                                            • AttachThreadInput.USER32(00000000,000000FF,00000001), ref: 0024F4DE
                                                                                                                                                                                                                                                            • SetForegroundWindow.USER32(00000000), ref: 0024F4E1
                                                                                                                                                                                                                                                            • MapVirtualKeyW.USER32(00000012,00000000), ref: 0024F4F6
                                                                                                                                                                                                                                                            • keybd_event.USER32(00000012,00000000), ref: 0024F501
                                                                                                                                                                                                                                                            • MapVirtualKeyW.USER32(00000012,00000000), ref: 0024F50B
                                                                                                                                                                                                                                                            • keybd_event.USER32(00000012,00000000), ref: 0024F510
                                                                                                                                                                                                                                                            • MapVirtualKeyW.USER32(00000012,00000000), ref: 0024F519
                                                                                                                                                                                                                                                            • keybd_event.USER32(00000012,00000000), ref: 0024F51E
                                                                                                                                                                                                                                                            • MapVirtualKeyW.USER32(00000012,00000000), ref: 0024F528
                                                                                                                                                                                                                                                            • keybd_event.USER32(00000012,00000000), ref: 0024F52D
                                                                                                                                                                                                                                                            • SetForegroundWindow.USER32(00000000), ref: 0024F530
                                                                                                                                                                                                                                                            • AttachThreadInput.USER32(?,000000FF,00000000), ref: 0024F557
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
• Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
                                                                                                                                                                                                                                                            • String ID: Shell_TrayWnd
                                                                                                                                                                                                                                                            • API String ID: 4125248594-2988720461
APIs
  • Part of subcall function 002516C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0025170D
  • Part of subcall function 002516C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0025173A
  • Part of subcall function 002516C3: GetLastError.KERNEL32 ref: 0025174A
• LogonUserW.ADVAPI32(?,?,?,00000000,00000000,?), ref: 00251286
• DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 002512A8
• CloseHandle.KERNEL32(?), ref: 002512B9
• OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 002512D1
• GetProcessWindowStation.USER32 ref: 002512EA
• SetProcessWindowStation.USER32(00000000), ref: 002512F4
• OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 00251310
  • Part of subcall function 002510BF: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,002511FC), ref: 002510D4
  • Part of subcall function 002510BF: CloseHandle.KERNEL32(?,?,002511FC), ref: 002510E9
Strings
Memory Dump Source
• Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
• Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_1f0000_file.jbxd
Similarity
• API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLogonLookupPrivilegeUserValue
• String ID: $default$winsta0$Z+
• API String ID: 22674027-1601629916
APIs
  • Part of subcall function 002510F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00251114
  • Part of subcall function 002510F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00250B9B,?,?,?), ref: 00251120
  • Part of subcall function 002510F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00250B9B,?,?,?), ref: 0025112F
  • Part of subcall function 002510F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00250B9B,?,?,?), ref: 00251136
  • Part of subcall function 002510F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 0025114D
• GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00250BCC
• GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00250C00
• GetLengthSid.ADVAPI32(?), ref: 00250C17
• GetAce.ADVAPI32(?,00000000,?), ref: 00250C51
• AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00250C6D
• GetLengthSid.ADVAPI32(?), ref: 00250C84
• GetProcessHeap.KERNEL32(00000008,00000008), ref: 00250C8C
• HeapAlloc.KERNEL32(00000000), ref: 00250C93
• GetLengthSid.ADVAPI32(?,00000008,?), ref: 00250CB4
• CopySid.ADVAPI32(00000000), ref: 00250CBB
• AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00250CEA
• SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00250D0C
• SetUserObjectSecurity.USER32(?,00000004,?), ref: 00250D1E
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 00250D45
• HeapFree.KERNEL32(00000000), ref: 00250D4C
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 00250D55
• HeapFree.KERNEL32(00000000), ref: 00250D5C
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 00250D65
• HeapFree.KERNEL32(00000000), ref: 00250D6C
• GetProcessHeap.KERNEL32(00000000,?), ref: 00250D78
• HeapFree.KERNEL32(00000000), ref: 00250D7F
  • Part of subcall function 00251193: GetProcessHeap.KERNEL32(00000008,00250BB1,?,00000000,?,00250BB1,?), ref: 002511A1
  • Part of subcall function 00251193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00250BB1,?), ref: 002511A8
  • Part of subcall function 00251193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00250BB1,?), ref: 002511B7
Memory Dump Source
• Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
• Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_1f0000_file.jbxd
Similarity
• API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
• String ID:
• API String ID: 4175595110-0
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • OpenClipboard.USER32(0028CC08), ref: 0026EB29
                                                                                                                                                                                                                                                            • IsClipboardFormatAvailable.USER32(0000000D), ref: 0026EB37
                                                                                                                                                                                                                                                            • GetClipboardData.USER32(0000000D), ref: 0026EB43
                                                                                                                                                                                                                                                            • CloseClipboard.USER32 ref: 0026EB4F
                                                                                                                                                                                                                                                            • GlobalLock.KERNEL32(00000000), ref: 0026EB87
                                                                                                                                                                                                                                                            • CloseClipboard.USER32 ref: 0026EB91
                                                                                                                                                                                                                                                            • GlobalUnlock.KERNEL32(00000000), ref: 0026EBBC
                                                                                                                                                                                                                                                            • IsClipboardFormatAvailable.USER32(00000001), ref: 0026EBC9
                                                                                                                                                                                                                                                            • GetClipboardData.USER32(00000001), ref: 0026EBD1
                                                                                                                                                                                                                                                            • GlobalLock.KERNEL32(00000000), ref: 0026EBE2
                                                                                                                                                                                                                                                            • GlobalUnlock.KERNEL32(00000000), ref: 0026EC22
                                                                                                                                                                                                                                                            • IsClipboardFormatAvailable.USER32(0000000F), ref: 0026EC38
                                                                                                                                                                                                                                                            • GetClipboardData.USER32(0000000F), ref: 0026EC44
                                                                                                                                                                                                                                                            • GlobalLock.KERNEL32(00000000), ref: 0026EC55
                                                                                                                                                                                                                                                            • DragQueryFileW.SHELL32(00000000,000000FF,00000000,00000000), ref: 0026EC77
                                                                                                                                                                                                                                                            • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 0026EC94
                                                                                                                                                                                                                                                            • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 0026ECD2
                                                                                                                                                                                                                                                            • GlobalUnlock.KERNEL32(00000000), ref: 0026ECF3
                                                                                                                                                                                                                                                            • CountClipboardFormats.USER32 ref: 0026ED14
                                                                                                                                                                                                                                                            • CloseClipboard.USER32 ref: 0026ED59
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Clipboard$Global$AvailableCloseDataDragFileFormatLockQueryUnlock$CountFormatsOpen
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 420908878-0
                                                                                                                                                                                                                                                            • Opcode ID: 6a6d9ed3cdd77a23f7aaec4560ea573f9a176d7f6c0617adfb5ad4cd4fbcfd43
                                                                                                                                                                                                                                                            • Instruction ID: 6e32691c6a63c50472ea759dfbdd3ff3c33376ff85d55213f84f4b9e22132b4c
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6a6d9ed3cdd77a23f7aaec4560ea573f9a176d7f6c0617adfb5ad4cd4fbcfd43
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F06102782142069FD700EF20E888F3A77E8BF94758F25441DF956872A2DB71ED85CB62
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • FindFirstFileW.KERNEL32(?,?), ref: 002669BE
                                                                                                                                                                                                                                                            • FindClose.KERNEL32(00000000), ref: 00266A12
                                                                                                                                                                                                                                                            • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00266A4E
                                                                                                                                                                                                                                                            • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00266A75
                                                                                                                                                                                                                                                              • Part of subcall function 001F9CB3: _wcslen.LIBCMT ref: 001F9CBD
                                                                                                                                                                                                                                                            • FileTimeToSystemTime.KERNEL32(?,?), ref: 00266AB2
                                                                                                                                                                                                                                                            • FileTimeToSystemTime.KERNEL32(?,?), ref: 00266ADF
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Time$File$FindLocalSystem$CloseFirst_wcslen
                                                                                                                                                                                                                                                            • String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
                                                                                                                                                                                                                                                            • API String ID: 3830820486-3289030164
                                                                                                                                                                                                                                                            • Opcode ID: 1db49d4dfb1b6a861d1e596306b5e07d52a4f48c3f781c79bee9d69e3a2481b5
                                                                                                                                                                                                                                                            • Instruction ID: 0daf75ce3ac63c9f1fa116658edd42496ba4391fba37aed1eb39c8f1310bac5b
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1db49d4dfb1b6a861d1e596306b5e07d52a4f48c3f781c79bee9d69e3a2481b5
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DED17E72518304AEC310EFA4C995EBBB7ECAF98704F04491DF685D6191EB74DA44CBA2
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • FindFirstFileW.KERNEL32(?,?,76E18FB0,?,00000000), ref: 00269663
                                                                                                                                                                                                                                                            • GetFileAttributesW.KERNEL32(?), ref: 002696A1
                                                                                                                                                                                                                                                            • SetFileAttributesW.KERNEL32(?,?), ref: 002696BB
                                                                                                                                                                                                                                                            • FindNextFileW.KERNEL32(00000000,?), ref: 002696D3
                                                                                                                                                                                                                                                            • FindClose.KERNEL32(00000000), ref: 002696DE
                                                                                                                                                                                                                                                            • FindFirstFileW.KERNEL32(*.*,?), ref: 002696FA
                                                                                                                                                                                                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 0026974A
                                                                                                                                                                                                                                                            • SetCurrentDirectoryW.KERNEL32(002B6B7C), ref: 00269768
                                                                                                                                                                                                                                                            • FindNextFileW.KERNEL32(00000000,00000010), ref: 00269772
                                                                                                                                                                                                                                                            • FindClose.KERNEL32(00000000), ref: 0026977F
                                                                                                                                                                                                                                                            • FindClose.KERNEL32(00000000), ref: 0026978F
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
                                                                                                                                                                                                                                                            • String ID: *.*
                                                                                                                                                                                                                                                            • API String ID: 1409584000-438819550
                                                                                                                                                                                                                                                            • Opcode ID: 3665992da51603f84af94b77093c11bbbe43388979e6152be29b89b6e7ac0076
                                                                                                                                                                                                                                                            • Instruction ID: 6afa0cfcec15e6f13d1f900eaf232125cc2130ba982b97f2a761bce9282b6ad2
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3665992da51603f84af94b77093c11bbbe43388979e6152be29b89b6e7ac0076
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A131C57652121AAEDF14AFB4EC0CAEE77AC9F49320F204195F805E2090DB34D9D4CF20
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • FindFirstFileW.KERNEL32(?,?,76E18FB0,?,00000000), ref: 002697BE
                                                                                                                                                                                                                                                            • FindNextFileW.KERNEL32(00000000,?), ref: 00269819
                                                                                                                                                                                                                                                            • FindClose.KERNEL32(00000000), ref: 00269824
                                                                                                                                                                                                                                                            • FindFirstFileW.KERNEL32(*.*,?), ref: 00269840
                                                                                                                                                                                                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 00269890
                                                                                                                                                                                                                                                            • SetCurrentDirectoryW.KERNEL32(002B6B7C), ref: 002698AE
                                                                                                                                                                                                                                                            • FindNextFileW.KERNEL32(00000000,00000010), ref: 002698B8
                                                                                                                                                                                                                                                            • FindClose.KERNEL32(00000000), ref: 002698C5
                                                                                                                                                                                                                                                            • FindClose.KERNEL32(00000000), ref: 002698D5
                                                                                                                                                                                                                                                              • Part of subcall function 0025DAE5: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 0025DB00
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
                                                                                                                                                                                                                                                            • String ID: *.*
                                                                                                                                                                                                                                                            • API String ID: 2640511053-438819550
                                                                                                                                                                                                                                                            • Opcode ID: 100e40114e3207e5b36e6ac240d5cc9677edd2d829157ad48c696c8b30873b85
                                                                                                                                                                                                                                                            • Instruction ID: b461e276a2a2dce113d8ba9a0a559e20c610f5ffc6ab9d4fe9812c651612f0cc
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 100e40114e3207e5b36e6ac240d5cc9677edd2d829157ad48c696c8b30873b85
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5D31C33652121AAEDB10AFB4EC48ADE77AC9F4A320F204196E810A30D0DF30DDE5CF64
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 0027C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0027B6AE,?,?), ref: 0027C9B5
                                                                                                                                                                                                                                                              • Part of subcall function 0027C998: _wcslen.LIBCMT ref: 0027C9F1
                                                                                                                                                                                                                                                              • Part of subcall function 0027C998: _wcslen.LIBCMT ref: 0027CA68
                                                                                                                                                                                                                                                              • Part of subcall function 0027C998: _wcslen.LIBCMT ref: 0027CA9E
                                                                                                                                                                                                                                                            • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0027BF3E
                                                                                                                                                                                                                                                            • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?), ref: 0027BFA9
                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000), ref: 0027BFCD
                                                                                                                                                                                                                                                            • RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 0027C02C
                                                                                                                                                                                                                                                            • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 0027C0E7
                                                                                                                                                                                                                                                            • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 0027C154
                                                                                                                                                                                                                                                            • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 0027C1E9
                                                                                                                                                                                                                                                            • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,?,?,?,00000000), ref: 0027C23A
                                                                                                                                                                                                                                                            • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 0027C2E3
                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?,?,00000000), ref: 0027C382
                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000), ref: 0027C38F
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
• Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: QueryValue$Close_wcslen$BuffCharConnectOpenRegistryUpper
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3102970594-0
                                                                                                                                                                                                                                                            • Opcode ID: 09e506a5b53a4b23d6108b6379a01f9befc1ce45c5a928ac7261ff5ba141861c
                                                                                                                                                                                                                                                            • Instruction ID: 28943ee59d784e41abe619265c18669999e5bf15bb281b88baad656b3c5f1894
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 09e506a5b53a4b23d6108b6379a01f9befc1ce45c5a928ac7261ff5ba141861c
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C9026D70614201AFC714DF28C895E2ABBE5EF89318F18C49DF84ACB2A2D731EC55CB52
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetLocalTime.KERNEL32(?), ref: 00268257
                                                                                                                                                                                                                                                            • SystemTimeToFileTime.KERNEL32(?,?), ref: 00268267
                                                                                                                                                                                                                                                            • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00268273
                                                                                                                                                                                                                                                            • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00268310
                                                                                                                                                                                                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 00268324
                                                                                                                                                                                                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 00268356
                                                                                                                                                                                                                                                            • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 0026838C
                                                                                                                                                                                                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 00268395
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CurrentDirectoryTime$File$Local$System
                                                                                                                                                                                                                                                            • String ID: *.*
                                                                                                                                                                                                                                                            • API String ID: 1464919966-438819550
                                                                                                                                                                                                                                                            • Opcode ID: 5d5c4dba0d22ae70ee645c676a3bda175286e7d3e5eb5b6f9eefdb2067f516d1
                                                                                                                                                                                                                                                            • Instruction ID: 26a138b45c3fc102ba503072791786d75b9e92dd69fa87885c31d145ffddfaa9
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5d5c4dba0d22ae70ee645c676a3bda175286e7d3e5eb5b6f9eefdb2067f516d1
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A0618AB25183459FCB10EF60D8549AEB3E8FF89310F04896EF98987251DB31E995CB92
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 001F3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,001F3A97,?,?,001F2E7F,?,?,?,00000000), ref: 001F3AC2
                                                                                                                                                                                                                                                              • Part of subcall function 0025E199: GetFileAttributesW.KERNEL32(?,0025CF95), ref: 0025E19A
                                                                                                                                                                                                                                                            • FindFirstFileW.KERNEL32(?,?), ref: 0025D122
                                                                                                                                                                                                                                                            • DeleteFileW.KERNEL32(?,?,?,?,?,00000000,?,?,?), ref: 0025D1DD
                                                                                                                                                                                                                                                            • MoveFileW.KERNEL32(?,?), ref: 0025D1F0
                                                                                                                                                                                                                                                            • DeleteFileW.KERNEL32(?,?,?,?), ref: 0025D20D
                                                                                                                                                                                                                                                            • FindNextFileW.KERNEL32(00000000,00000010), ref: 0025D237
                                                                                                                                                                                                                                                              • Part of subcall function 0025D29C: CopyFileExW.KERNEL32(?,?,00000000,00000000,00000000,00000008,?,?,0025D21C,?,?), ref: 0025D2B2
                                                                                                                                                                                                                                                            • FindClose.KERNEL32(00000000,?,?,?), ref: 0025D253
                                                                                                                                                                                                                                                            • FindClose.KERNEL32(00000000), ref: 0025D264
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: File$Find$CloseDelete$AttributesCopyFirstFullMoveNameNextPath
                                                                                                                                                                                                                                                            • String ID: \*.*
                                                                                                                                                                                                                                                            • API String ID: 1946585618-1173974218
                                                                                                                                                                                                                                                            • Opcode ID: 7824710733398a6416769cc2507cd27b436e2cc7f500725564bebe38faed4d09
                                                                                                                                                                                                                                                            • Instruction ID: d1fa609781d96a7c591dded42c6d9094e903a202a8afbdeaf49297c48d0c052c
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7824710733398a6416769cc2507cd27b436e2cc7f500725564bebe38faed4d09
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FF617B7181110EAACF15EFE0D9929FDB7B5AF24341F208165E906B7192EB30AF1DCB64
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Clipboard$AllocCloseEmptyGlobalOpen
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 1737998785-0
                                                                                                                                                                                                                                                            • Opcode ID: 2080f06e788ff59df49b5b32a0c8f5c2db564363ad78702be8fb7914f3291be1
                                                                                                                                                                                                                                                            • Instruction ID: 6812bb5d7b3358d46be388a4bc7ea32c2f15b14567ddef2c83f41df87b5eb718
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2080f06e788ff59df49b5b32a0c8f5c2db564363ad78702be8fb7914f3291be1
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8841B2792156129FE710DF19E88CF19BBE5FF44328F25C099E4158B6A2C776EC81CB90
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 002516C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0025170D
                                                                                                                                                                                                                                                              • Part of subcall function 002516C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0025173A
                                                                                                                                                                                                                                                              • Part of subcall function 002516C3: GetLastError.KERNEL32 ref: 0025174A
                                                                                                                                                                                                                                                            • ExitWindowsEx.USER32(?,00000000), ref: 0025E932
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
                                                                                                                                                                                                                                                            • String ID: $ $@$SeShutdownPrivilege
                                                                                                                                                                                                                                                            • API String ID: 2234035333-3163812486
                                                                                                                                                                                                                                                            • Opcode ID: 15465eed147be55a21f0369f9779e18f7b846c26e8e9a46bfaa0a7bb7888c0d0
                                                                                                                                                                                                                                                            • Instruction ID: 221ab857937f41d288a807cf19ba8b40dd18cfc5045b7860ce672e8fcb5777d0
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 15465eed147be55a21f0369f9779e18f7b846c26e8e9a46bfaa0a7bb7888c0d0
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5001FE72A30211AFEF582674AC8AFBF725C9B14752F260422FD13E31D1D6B45D7886A8
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • socket.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 00271276
                                                                                                                                                                                                                                                            • WSAGetLastError.WSOCK32 ref: 00271283
                                                                                                                                                                                                                                                            • bind.WSOCK32(00000000,?,00000010), ref: 002712BA
                                                                                                                                                                                                                                                            • WSAGetLastError.WSOCK32 ref: 002712C5
                                                                                                                                                                                                                                                            • closesocket.WSOCK32(00000000), ref: 002712F4
                                                                                                                                                                                                                                                            • listen.WSOCK32(00000000,00000005), ref: 00271303
                                                                                                                                                                                                                                                            • WSAGetLastError.WSOCK32 ref: 0027130D
                                                                                                                                                                                                                                                            • closesocket.WSOCK32(00000000), ref: 0027133C
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: ErrorLast$closesocket$bindlistensocket
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 540024437-0
                                                                                                                                                                                                                                                            • Opcode ID: 25a5a101fd0fc2385c2121fd18a05fe421f2f1a0311c65f7c287436d2cb96952
                                                                                                                                                                                                                                                            • Instruction ID: a79cda35b30e22c13273ad37a6ed537318939bd9220773bfb50ba7565e4c1ce2
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 25a5a101fd0fc2385c2121fd18a05fe421f2f1a0311c65f7c287436d2cb96952
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 154192356001119FD710DF28D488B2ABBE5AF46318F28C188D95A9F2E7C771ED91CBE1
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0022B9D4
                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0022B9F8
                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0022BB7F
                                                                                                                                                                                                                                                            • GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00293700), ref: 0022BB91
                                                                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,002C121C,000000FF,00000000,0000003F,00000000,?,?), ref: 0022BC09
                                                                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,002C1270,000000FF,?,0000003F,00000000,?), ref: 0022BC36
                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0022BD4B
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: _free$ByteCharMultiWide$InformationTimeZone
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 314583886-0
                                                                                                                                                                                                                                                            • Opcode ID: 181784c41d4732e94964c3bb157b0df1ad27762ba34f1335c6e06435654c1ca9
                                                                                                                                                                                                                                                            • Instruction ID: 3782606feaabbe4ab4b9316afbb5614d5aeadd9f1e1796618abb4a63b7cb5f1a
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 181784c41d4732e94964c3bb157b0df1ad27762ba34f1335c6e06435654c1ca9
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 40C12B75924226BFCB12DFF8BC45BAE7BB8EF46310F14419AE890D7252DB309D618B50
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 001F3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,001F3A97,?,?,001F2E7F,?,?,?,00000000), ref: 001F3AC2
                                                                                                                                                                                                                                                              • Part of subcall function 0025E199: GetFileAttributesW.KERNEL32(?,0025CF95), ref: 0025E19A
                                                                                                                                                                                                                                                            • FindFirstFileW.KERNEL32(?,?), ref: 0025D420
                                                                                                                                                                                                                                                            • DeleteFileW.KERNEL32(?,?,?,?), ref: 0025D470
                                                                                                                                                                                                                                                            • FindNextFileW.KERNEL32(00000000,00000010), ref: 0025D481
                                                                                                                                                                                                                                                            • FindClose.KERNEL32(00000000), ref: 0025D498
                                                                                                                                                                                                                                                            • FindClose.KERNEL32(00000000), ref: 0025D4A1
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
                                                                                                                                                                                                                                                            • String ID: \*.*
                                                                                                                                                                                                                                                            • API String ID: 2649000838-1173974218
                                                                                                                                                                                                                                                            • Opcode ID: b3976f8f647a15b900598a88b2d0adf20ffc82562ddc76a7aca67ad4e1c31ad9
                                                                                                                                                                                                                                                            • Instruction ID: a9d1659cfbcc03185e91c49edc1d07816f787f481aca2caf944d221adce1823c
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b3976f8f647a15b900598a88b2d0adf20ffc82562ddc76a7aca67ad4e1c31ad9
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8031CE710183499BC310EF64D8958BFB7E8BEA1315F804A2DF9D583191EB30AA0DCB67
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: __floor_pentium4
                                                                                                                                                                                                                                                            • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                                                                                                            • API String ID: 4168288129-2761157908
                                                                                                                                                                                                                                                            • Opcode ID: f1c25ebd943e04923e03e6ee2a1a372d282849d925d06d60a7503fad0a1642d0
                                                                                                                                                                                                                                                            • Instruction ID: 3c4a5dc5db937c859ca9c9495fc95553e96f76437ca782677f98c642799f4b49
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f1c25ebd943e04923e03e6ee2a1a372d282849d925d06d60a7503fad0a1642d0
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 86C27B71E242299FDF65CEA8ED407EAB3B5EB44304F1541EAD80DE7240E774AE919F40
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 002664DC
                                                                                                                                                                                                                                                            • CoInitialize.OLE32(00000000), ref: 00266639
                                                                                                                                                                                                                                                            • CoCreateInstance.OLE32(0028FCF8,00000000,00000001,0028FB68,?), ref: 00266650
                                                                                                                                                                                                                                                            • CoUninitialize.OLE32 ref: 002668D4
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CreateInitializeInstanceUninitialize_wcslen
                                                                                                                                                                                                                                                            • String ID: .lnk
                                                                                                                                                                                                                                                            • API String ID: 886957087-24824748
                                                                                                                                                                                                                                                            • Opcode ID: 9fbe320aa62552d12f0ea0d5ac74a6a9dce68dd38fbb2d0c9788de0efb28ddf7
                                                                                                                                                                                                                                                            • Instruction ID: 6f668d20f22f6ae2174c8128cd861a18ab98f5c3ccd9ee18eb66d059b3817ee4
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9fbe320aa62552d12f0ea0d5ac74a6a9dce68dd38fbb2d0c9788de0efb28ddf7
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 55D17A715182059FC304EF24C881E6BB7E8FFA9304F44492DF5968B2A1EB70ED49CB92
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetForegroundWindow.USER32(?,?,00000000), ref: 002722E8
                                                                                                                                                                                                                                                              • Part of subcall function 0026E4EC: GetWindowRect.USER32(?,?), ref: 0026E504
                                                                                                                                                                                                                                                            • GetDesktopWindow.USER32 ref: 00272312
                                                                                                                                                                                                                                                            • GetWindowRect.USER32(00000000), ref: 00272319
                                                                                                                                                                                                                                                            • mouse_event.USER32(00008001,?,?,00000002,00000002), ref: 00272355
                                                                                                                                                                                                                                                            • GetCursorPos.USER32(?), ref: 00272381
                                                                                                                                                                                                                                                            • mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 002723DF
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Window$Rectmouse_event$CursorDesktopForeground
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 2387181109-0
                                                                                                                                                                                                                                                            • Opcode ID: 1804f2b0b22d2206b340cf7267a679fe70f79ec63ccdc1a294c72e044cb8bb6e
                                                                                                                                                                                                                                                            • Instruction ID: 072025679ed7b808e4949aed5c755fec06ea562e3c3058cbcd21a7b53795344c
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1804f2b0b22d2206b340cf7267a679fe70f79ec63ccdc1a294c72e044cb8bb6e
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C131E5725053169FDB20DF14D849F5BB7E9FF84310F104919F98997181DB34EA18CB91
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 001F9CB3: _wcslen.LIBCMT ref: 001F9CBD
                                                                                                                                                                                                                                                            • FindFirstFileW.KERNEL32(00000001,?,*.*,?,?,00000000,00000000), ref: 00269B78
                                                                                                                                                                                                                                                            • FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 00269C8B
                                                                                                                                                                                                                                                              • Part of subcall function 00263874: GetInputState.USER32 ref: 002638CB
                                                                                                                                                                                                                                                              • Part of subcall function 00263874: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00263966
                                                                                                                                                                                                                                                            • Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 00269BA8
                                                                                                                                                                                                                                                            • FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 00269C75
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Find$File$CloseFirstInputMessageNextPeekSleepState_wcslen
                                                                                                                                                                                                                                                            • String ID: *.*
                                                                                                                                                                                                                                                            • API String ID: 1972594611-438819550
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 00209BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00209BB2
                                                                                                                                                                                                                                                            • DefDlgProcW.USER32(?,?,?,?,?), ref: 00209A4E
                                                                                                                                                                                                                                                            • GetSysColor.USER32(0000000F), ref: 00209B23
                                                                                                                                                                                                                                                            • SetBkColor.GDI32(?,00000000), ref: 00209B36
Memory Dump Source
• Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
• Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Color$LongProcWindow
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3131106179-0
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 0027304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 0027307A
                                                                                                                                                                                                                                                              • Part of subcall function 0027304E: _wcslen.LIBCMT ref: 0027309B
                                                                                                                                                                                                                                                            • socket.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 0027185D
                                                                                                                                                                                                                                                            • WSAGetLastError.WSOCK32 ref: 00271884
                                                                                                                                                                                                                                                            • bind.WSOCK32(00000000,?,00000010), ref: 002718DB
                                                                                                                                                                                                                                                            • WSAGetLastError.WSOCK32 ref: 002718E6
                                                                                                                                                                                                                                                            • closesocket.WSOCK32(00000000), ref: 00271915
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: ErrorLast$_wcslenbindclosesocketinet_addrsocket
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 1601658205-0
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Window$EnabledForegroundIconicVisibleZoomed
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 292994002-0
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID: ERCP$VUUU$VUUU$VUUU$VUUU
                                                                                                                                                                                                                                                            • API String ID: 0-1546025612
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • lstrlenW.KERNEL32(?,?,?,00000000), ref: 002582AA
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: lstrlen
                                                                                                                                                                                                                                                            • String ID: ($tb+$|
                                                                                                                                                                                                                                                            • API String ID: 1659193697-4231914386
                                                                                                                                                                                                                                                            • Opcode ID: 6414821eb40ef67ece4066a2459659eb8ec6fb8aa7155dff51d3a13a46fe1452
                                                                                                                                                                                                                                                            • Instruction ID: f6304e0d443615902d854f2954e8c7a79800a790dfbb7b02bca7dfe3d94535ac
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6414821eb40ef67ece4066a2459659eb8ec6fb8aa7155dff51d3a13a46fe1452
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 58323875A107069FC728CF19C08196AB7F0FF48710B15C46EE89AEB7A1EBB0E951CB44
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetKeyboardState.USER32(?,00000001,00000040,00000000), ref: 0025AAAC
                                                                                                                                                                                                                                                            • SetKeyboardState.USER32(00000080), ref: 0025AAC8
                                                                                                                                                                                                                                                            • PostMessageW.USER32(?,00000102,00000001,00000001), ref: 0025AB36
                                                                                                                                                                                                                                                            • SendInput.USER32(00000001,?,0000001C,00000001,00000040,00000000), ref: 0025AB88
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
• Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: KeyboardState$InputMessagePostSend
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 432972143-0
                                                                                                                                                                                                                                                            • Opcode ID: e9ac18d49ed07711800d925b84658834e5b40f703cac5b83e5ab76bd89d56a85
                                                                                                                                                                                                                                                            • Instruction ID: 4e8e18d85af4452f528fda39164570c20c93c5ec8f638f73825acf95ad1c870e
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e9ac18d49ed07711800d925b84658834e5b40f703cac5b83e5ab76bd89d56a85
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1E312E30A70205AEFF358F64CC06BFA77A6AB54326F14431BF881521D0D37589A9C7EA
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • InternetReadFile.WININET(?,?,00000400,?), ref: 0026CE89
                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00000000), ref: 0026CEEA
                                                                                                                                                                                                                                                            • SetEvent.KERNEL32(?,?,00000000), ref: 0026CEFE
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
• Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: ErrorEventFileInternetLastRead
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 234945975-0
                                                                                                                                                                                                                                                            • Opcode ID: 8e555fa6c69e7e90e63929b1ff6410127cbe0a76748b65f1b768fdf16e6651cc
                                                                                                                                                                                                                                                            • Instruction ID: efc0e59924e357e35431513857dbfc93077356e1f504a75c999f9e7048c74236
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8e555fa6c69e7e90e63929b1ff6410127cbe0a76748b65f1b768fdf16e6651cc
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9921C1B15103069BDB30EF65D948BA7B7FCEB50354F20441EE686D2151E771EE94CBA0
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • FindFirstFileW.KERNEL32(?,?), ref: 00265CC1
                                                                                                                                                                                                                                                            • FindNextFileW.KERNEL32(00000000,?), ref: 00265D17
                                                                                                                                                                                                                                                            • FindClose.KERNEL32(?), ref: 00265D5F
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
• Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Find$File$CloseFirstNext
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3541575487-0
                                                                                                                                                                                                                                                            • Opcode ID: ddceecd8ed56a11da24c7189589e0907eaee5d31b39c33b709557d920846e4eb
                                                                                                                                                                                                                                                            • Instruction ID: a96d451155ac7b57dd3bb08671f56dda198f56428db38b4c93da858348a92df0
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ddceecd8ed56a11da24c7189589e0907eaee5d31b39c33b709557d920846e4eb
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F451BC34614A029FC714CF28C484E9AB7E4FF4A314F14855EE95A8B3A2CB30EC94CF91
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • IsDebuggerPresent.KERNEL32 ref: 0022271A
                                                                                                                                                                                                                                                            • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00222724
                                                                                                                                                                                                                                                            • UnhandledExceptionFilter.KERNEL32(?), ref: 00222731
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
• Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3906539128-0
                                                                                                                                                                                                                                                            • Opcode ID: 34b0b8b8e0655290ade2b3b0809fad2bb0cbfeab49bb7b81e6a1b306be4e2f05
                                                                                                                                                                                                                                                            • Instruction ID: b4602721e06fef6ce2be5e661b4c62942696753cb3c7da7c61bd1adc8dcef620
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 34b0b8b8e0655290ade2b3b0809fad2bb0cbfeab49bb7b81e6a1b306be4e2f05
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5131C474911228ABCB21DF64DC887D9B7B8AF18310F5041EAE81CA6260E7709F958F44
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • SetErrorMode.KERNEL32(00000001), ref: 002651DA
                                                                                                                                                                                                                                                            • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 00265238
                                                                                                                                                                                                                                                            • SetErrorMode.KERNEL32(00000000), ref: 002652A1
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
• Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: ErrorMode$DiskFreeSpace
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 1682464887-0
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 0020FDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00210668
                                                                                                                                                                                                                                                              • Part of subcall function 0020FDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00210685
                                                                                                                                                                                                                                                            • LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0025170D
                                                                                                                                                                                                                                                            • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0025173A
                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 0025174A
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Exception@8Throw$AdjustErrorLastLookupPrivilegePrivilegesTokenValue
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 577356006-0
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • CreateFileW.KERNEL32(?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 0025D608
                                                                                                                                                                                                                                                            • DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,00000028,?,00000000), ref: 0025D645
                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 0025D650
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CloseControlCreateDeviceFileHandle
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 33631002-0
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 0025168C
                                                                                                                                                                                                                                                            • CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 002516A1
                                                                                                                                                                                                                                                            • FreeSid.ADVAPI32(?), ref: 002516B1
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: AllocateCheckFreeInitializeMembershipToken
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3429775523-0
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID: /
                                                                                                                                                                                                                                                            • API String ID: 0-2043925204
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetUserNameW.ADVAPI32(?,?), ref: 0024D28C
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
• Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: NameUser
                                                                                                                                                                                                                                                            • String ID: X64
                                                                                                                                                                                                                                                            • API String ID: 2645101109-893830106
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID: Variable is not of type 'Object'.$p#,
                                                                                                                                                                                                                                                            • API String ID: 0-1661721550
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • FindFirstFileW.KERNEL32(?,?), ref: 00266918
                                                                                                                                                                                                                                                            • FindClose.KERNEL32(00000000), ref: 00266961
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 2295610775-0
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,00274891,?,?,00000035,?), ref: 002637E4
                                                                                                                                                                                                                                                            • FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,?,?,00274891,?,?,00000035,?), ref: 002637F4
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: ErrorFormatLastMessage
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3479602957-0
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 0025B25D
                                                                                                                                                                                                                                                            • keybd_event.USER32(?,76AAC0D0,?,00000000), ref: 0025B270
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: InputSendkeybd_event
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3536248340-0
                                                                                                                                                                                                                                                            • Opcode ID: 4e4750ab5bb6b2114da296e5817988c7809b155adbe7ec1f4af4310b661f1162
                                                                                                                                                                                                                                                            • Instruction ID: 18abd7c4fe2e6de1fb0c20654e529c0ed2e2a4049cbaee7799b23c57f223f358
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4e4750ab5bb6b2114da296e5817988c7809b155adbe7ec1f4af4310b661f1162
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9DF01D7581424EABDF059FA0D805BAE7BB4FF04305F108009FD55A5191C7798615DFA4
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,002511FC), ref: 002510D4
                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,002511FC), ref: 002510E9
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: AdjustCloseHandlePrivilegesToken
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 81990902-0
                                                                                                                                                                                                                                                            • Opcode ID: c5900bba2277a129249d8861b2e080cf8ff8c0bea1e1432fc4d24ee6a02a6a5f
                                                                                                                                                                                                                                                            • Instruction ID: 722127c1d22f0f4c817c333b70ac836d2f204f970eb00a705ea060d746d92843
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c5900bba2277a129249d8861b2e080cf8ff8c0bea1e1432fc4d24ee6a02a6a5f
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E6E04831014701AEE7252B51FC09E7377A9EB04310B24842DF455804F1DB726CA0DB50
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00226766,?,?,00000008,?,?,0022FEFE,00000000), ref: 00226998
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: ExceptionRaise
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3997070919-0
                                                                                                                                                                                                                                                            • Opcode ID: 86bb7703f848f74df82cc5914fe04e50232d35c4ca6766c192fdd8c3422d9066
                                                                                                                                                                                                                                                            • Instruction ID: ba739c9259b84667d2ddc9e621b0009fc1b5b81b365eef25968076b6de15d68c
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 86bb7703f848f74df82cc5914fe04e50232d35c4ca6766c192fdd8c3422d9066
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 33B19E32520619EFD718CF68D48AB647BE0FF05324F25C658E899CF2A2C735E9A5CB40
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 0-3916222277
                                                                                                                                                                                                                                                            • Opcode ID: 52be7b233c7b79c546447001bb7f2946e522f53ef1c1813f73e8fe13f0f67983
                                                                                                                                                                                                                                                            • Instruction ID: 4d046e691dd763df3e6b162e3c79d1f452214a7dcebb0f8326af6d7edd24297f
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 52be7b233c7b79c546447001bb7f2946e522f53ef1c1813f73e8fe13f0f67983
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 09126275D202199BDB25CF58C8906AEB7F5FF48710F14819AE809EB292DB709E91CF90
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • BlockInput.USER32(00000001), ref: 0026EABD
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: BlockInput
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3456056419-0
                                                                                                                                                                                                                                                            • Opcode ID: 638fde6e44be36805f01958c777c23eb2d05696a004e9a8fa28a38cca9118140
                                                                                                                                                                                                                                                            • Instruction ID: 118b746ef6dfef4ad6178046b6a2be2dc032ccb23b79b281aa7c40fb8268ffd2
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 638fde6e44be36805f01958c777c23eb2d05696a004e9a8fa28a38cca9118140
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8BE048752102159FC710DF59D444D5AF7DDAF98760F118416FD45C7351D770EC408B90
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • SetUnhandledExceptionFilter.KERNEL32(Function_000209E1,002103EE), ref: 002109DA
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3192549508-0
                                                                                                                                                                                                                                                            • Opcode ID: ef5fe661e7a02b63be74215b8ae380095440eea22f0c9e7739f96b8330311dc0
                                                                                                                                                                                                                                                            • Instruction ID: 11c8321a6477bdfd9d789b59a6d0871f47a16fd9d20d614b608eda67fb4356bd
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ef5fe661e7a02b63be74215b8ae380095440eea22f0c9e7739f96b8330311dc0
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash:
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
• Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID: 0
                                                                                                                                                                                                                                                            • API String ID: 0-4108050209
                                                                                                                                                                                                                                                            • Opcode ID: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
                                                                                                                                                                                                                                                            • Instruction ID: 3b467389a22abba383cf633d9547ecbdcfbb0a079e665db772cbbdab3a3d5ae3
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7851476163C64756DB384D68889D7FE23F99FF2300F180519E882C7282C651DEFAE752
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
• Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID: 0&,
                                                                                                                                                                                                                                                            • API String ID: 0-707580741
                                                                                                                                                                                                                                                            • Opcode ID: 5fa1803c7c7cf27dfd2b74c4f7634ace2716b2bb4058e2b4639c03340d691d9a
                                                                                                                                                                                                                                                            • Instruction ID: 65bd347066969bf9a71b31c8afd65222b60378e66039993bea5d139eb4db908f
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5fa1803c7c7cf27dfd2b74c4f7634ace2716b2bb4058e2b4639c03340d691d9a
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D721BB32620515CBD728CF79C81367E73E5A764310F25862EE4A7C37D0DE36A948CB50
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
• Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                            • Opcode ID: 78ee29e86e34cbdeebf18893d34620ecfcb7caefa7f251e8c283a7300d707686
                                                                                                                                                                                                                                                            • Instruction ID: 90c4da551f1787b9bdfd3905cc32d92c2bbee4b0bc8afbe8b4ad3d6bf577bc43
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 78ee29e86e34cbdeebf18893d34620ecfcb7caefa7f251e8c283a7300d707686
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 49324322D3DF119DD7239A34EC66335A289AFB73C5F15D337E81AB59A6EB28C4934100
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
• Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                            • Opcode ID: 492c320395181739e6203f0b51c8b15621b08331a8e73e7eb92583489167791a
                                                                                                                                                                                                                                                            • Instruction ID: 4847259f2c6a5606a4364c69ab2dffaa159bda9f5f298ac1a23f23ee4eab514f
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 492c320395181739e6203f0b51c8b15621b08331a8e73e7eb92583489167791a
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B1322471A312168BDF6CCF2CC4D467D77A1EB45304F39866BD44A8B2A2D270DDA1DB00
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
• Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                            • Opcode ID: 98a77a4298812a8c3f630e16a24b7d775f6ad1a3ed615c22db50734287be5160
                                                                                                                                                                                                                                                            • Instruction ID: d1e195192d6c586fa9f0d5aed7fd57f186aada7f34950bf6bd8440ffc0214a8d
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 98a77a4298812a8c3f630e16a24b7d775f6ad1a3ed615c22db50734287be5160
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C522D3B0A1061ADFDF14CF64D881ABEB7F6FF44300F144629E916A7291EB36AD61CB50
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
• Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                            • Opcode ID: ccc1de6be4ffeb49ecb09a3fa45d6782fd930fcfc2d15093d32d907307309243
                                                                                                                                                                                                                                                            • Instruction ID: 1fd03b5ed11b568db1d243c93b69fa301ed6f147ada2fdda92dbb967a1390638
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ccc1de6be4ffeb49ecb09a3fa45d6782fd930fcfc2d15093d32d907307309243
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2502D5B0A1020AEBDF04DF64D881AAEB7B5FF54300F118165E9169B2D1EB71AE65CF90
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AF8188326290A30DEB6D4A3D85340BEFFE15AA23A131A479DD5F2CB1C1EE34C5B4D620
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • DeleteObject.GDI32(00000000), ref: 00272B30
                                                                                                                                                                                                                                                            • DeleteObject.GDI32(00000000), ref: 00272B43
                                                                                                                                                                                                                                                            • DestroyWindow.USER32 ref: 00272B52
                                                                                                                                                                                                                                                            • GetDesktopWindow.USER32 ref: 00272B6D
                                                                                                                                                                                                                                                            • GetWindowRect.USER32(00000000), ref: 00272B74
                                                                                                                                                                                                                                                            • SetRect.USER32(?,00000000,00000000,00000007,00000002), ref: 00272CA3
                                                                                                                                                                                                                                                            • AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 00272CB1
                                                                                                                                                                                                                                                            • CreateWindowExW.USER32(?,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00272CF8
                                                                                                                                                                                                                                                            • GetClientRect.USER32(00000000,?), ref: 00272D04
                                                                                                                                                                                                                                                            • CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00272D40
                                                                                                                                                                                                                                                            • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00272D62
                                                                                                                                                                                                                                                            • GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00272D75
                                                                                                                                                                                                                                                            • GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00272D80
                                                                                                                                                                                                                                                            • GlobalLock.KERNEL32(00000000), ref: 00272D89
                                                                                                                                                                                                                                                            • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00272D98
                                                                                                                                                                                                                                                            • GlobalUnlock.KERNEL32(00000000), ref: 00272DA1
                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00272DA8
                                                                                                                                                                                                                                                            • GlobalFree.KERNEL32(00000000), ref: 00272DB3
                                                                                                                                                                                                                                                            • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00272DC5
                                                                                                                                                                                                                                                            • OleLoadPicture.OLEAUT32(?,00000000,00000000,0028FC38,00000000), ref: 00272DDB
                                                                                                                                                                                                                                                            • GlobalFree.KERNEL32(00000000), ref: 00272DEB
                                                                                                                                                                                                                                                            • CopyImage.USER32(00000007,00000000,00000000,00000000,00002000), ref: 00272E11
                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000172,00000000,00000007), ref: 00272E30
                                                                                                                                                                                                                                                            • SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00272E52
                                                                                                                                                                                                                                                            • ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 0027303F
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
                                                                                                                                                                                                                                                            • String ID: $AutoIt v3$DISPLAY$static
                                                                                                                                                                                                                                                            • API String ID: 2211948467-2373415609
                                                                                                                                                                                                                                                            • Opcode ID: af02c2c9f73011f7b30fad80db32c38fa29e2a25221633a7c51142b169b21f67
                                                                                                                                                                                                                                                            • Instruction ID: b5aa684d8ba823887e9fb490f0be4391fbd5fcde58becc68b6eb4b8207b765f4
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: af02c2c9f73011f7b30fad80db32c38fa29e2a25221633a7c51142b169b21f67
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 75029975910209EFDB14DF64EC8DEAE7BB9EF49314F108158F919AB2A1CB74AD04CB60
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • SetTextColor.GDI32(?,00000000), ref: 0028712F
                                                                                                                                                                                                                                                            • GetSysColorBrush.USER32(0000000F), ref: 00287160
                                                                                                                                                                                                                                                            • GetSysColor.USER32(0000000F), ref: 0028716C
                                                                                                                                                                                                                                                            • SetBkColor.GDI32(?,000000FF), ref: 00287186
                                                                                                                                                                                                                                                            • SelectObject.GDI32(?,?), ref: 00287195
                                                                                                                                                                                                                                                            • InflateRect.USER32(?,000000FF,000000FF), ref: 002871C0
                                                                                                                                                                                                                                                            • GetSysColor.USER32(00000010), ref: 002871C8
                                                                                                                                                                                                                                                            • CreateSolidBrush.GDI32(00000000), ref: 002871CF
                                                                                                                                                                                                                                                            • FrameRect.USER32(?,?,00000000), ref: 002871DE
                                                                                                                                                                                                                                                            • DeleteObject.GDI32(00000000), ref: 002871E5
                                                                                                                                                                                                                                                            • InflateRect.USER32(?,000000FE,000000FE), ref: 00287230
                                                                                                                                                                                                                                                            • FillRect.USER32(?,?,?), ref: 00287262
                                                                                                                                                                                                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 00287284
                                                                                                                                                                                                                                                              • Part of subcall function 002873E8: GetSysColor.USER32(00000012), ref: 00287421
                                                                                                                                                                                                                                                              • Part of subcall function 002873E8: SetTextColor.GDI32(?,?), ref: 00287425
                                                                                                                                                                                                                                                              • Part of subcall function 002873E8: GetSysColorBrush.USER32(0000000F), ref: 0028743B
                                                                                                                                                                                                                                                              • Part of subcall function 002873E8: GetSysColor.USER32(0000000F), ref: 00287446
                                                                                                                                                                                                                                                              • Part of subcall function 002873E8: GetSysColor.USER32(00000011), ref: 00287463
                                                                                                                                                                                                                                                              • Part of subcall function 002873E8: CreatePen.GDI32(00000000,00000001,00743C00), ref: 00287471
                                                                                                                                                                                                                                                              • Part of subcall function 002873E8: SelectObject.GDI32(?,00000000), ref: 00287482
                                                                                                                                                                                                                                                              • Part of subcall function 002873E8: SetBkColor.GDI32(?,00000000), ref: 0028748B
                                                                                                                                                                                                                                                              • Part of subcall function 002873E8: SelectObject.GDI32(?,?), ref: 00287498
                                                                                                                                                                                                                                                              • Part of subcall function 002873E8: InflateRect.USER32(?,000000FF,000000FF), ref: 002874B7
                                                                                                                                                                                                                                                              • Part of subcall function 002873E8: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 002874CE
                                                                                                                                                                                                                                                              • Part of subcall function 002873E8: GetWindowLongW.USER32(00000000,000000F0), ref: 002874DB
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameRoundSolid
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 4124339563-0
                                                                                                                                                                                                                                                            • Opcode ID: 57a70e49cc97c4012d3b5057590b62e52458d739ee4a5827b9459963a5e0526e
                                                                                                                                                                                                                                                            • Instruction ID: b15bf5977f70cc2e993eb11e8d159fc50e3e4a0c1926d852b11d84dfe4e7b31b
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 57a70e49cc97c4012d3b5057590b62e52458d739ee4a5827b9459963a5e0526e
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 09A1A47601A301AFDB00AF60EC4CE5B7BA9FF49320F200A19F966961E1D775E954CF61
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • DestroyWindow.USER32(?,?), ref: 00208E14
                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001308,?,00000000), ref: 00246AC5
                                                                                                                                                                                                                                                            • ImageList_Remove.COMCTL32(?,000000FF,?), ref: 00246AFE
                                                                                                                                                                                                                                                            • MoveWindow.USER32(?,?,?,?,?,00000000), ref: 00246F43
                                                                                                                                                                                                                                                              • Part of subcall function 00208F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00208BE8,?,00000000,?,?,?,?,00208BBA,00000000,?), ref: 00208FC5
                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001053), ref: 00246F7F
                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 00246F96
                                                                                                                                                                                                                                                            • ImageList_Destroy.COMCTL32(00000000,?), ref: 00246FAC
                                                                                                                                                                                                                                                            • ImageList_Destroy.COMCTL32(00000000,?), ref: 00246FB7
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: DestroyImageList_MessageSend$Window$InvalidateMoveRectRemove
                                                                                                                                                                                                                                                            • String ID: 0
                                                                                                                                                                                                                                                            • API String ID: 2760611726-4108050209
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • DestroyWindow.USER32(00000000), ref: 0027273E
                                                                                                                                                                                                                                                            • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 0027286A
                                                                                                                                                                                                                                                            • SetRect.USER32(?,00000000,00000000,0000012C,?), ref: 002728A9
                                                                                                                                                                                                                                                            • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 002728B9
                                                                                                                                                                                                                                                            • CreateWindowExW.USER32(00000008,AutoIt v3,?,88C00000,000000FF,?,?,?,00000000,00000000,00000000), ref: 00272900
                                                                                                                                                                                                                                                            • GetClientRect.USER32(00000000,?), ref: 0027290C
                                                                                                                                                                                                                                                            • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000), ref: 00272955
                                                                                                                                                                                                                                                            • CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00272964
                                                                                                                                                                                                                                                            • GetStockObject.GDI32(00000011), ref: 00272974
                                                                                                                                                                                                                                                            • SelectObject.GDI32(00000000,00000000), ref: 00272978
                                                                                                                                                                                                                                                            • GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?), ref: 00272988
                                                                                                                                                                                                                                                            • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00272991
                                                                                                                                                                                                                                                            • DeleteDC.GDI32(00000000), ref: 0027299A
                                                                                                                                                                                                                                                            • CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 002729C6
                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000030,00000000,00000001), ref: 002729DD
                                                                                                                                                                                                                                                            • CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,-0000001D,00000104,00000014,00000000,00000000,00000000), ref: 00272A1D
                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 00272A31
                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000404,00000001,00000000), ref: 00272A42
                                                                                                                                                                                                                                                            • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000041,00000500,-00000027,00000000,00000000,00000000), ref: 00272A77
                                                                                                                                                                                                                                                            • GetStockObject.GDI32(00000011), ref: 00272A82
                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000030,00000000,?,50000000), ref: 00272A8D
                                                                                                                                                                                                                                                            • ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?,?,?), ref: 00272A97
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
                                                                                                                                                                                                                                                            • String ID: AutoIt v3$DISPLAY$msctls_progress32$static
                                                                                                                                                                                                                                                            • API String ID: 2910397461-517079104
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • SetErrorMode.KERNEL32(00000001), ref: 00264AED
                                                                                                                                                                                                                                                            • GetDriveTypeW.KERNEL32(?,0028CB68,?,\\.\,0028CC08), ref: 00264BCA
                                                                                                                                                                                                                                                            • SetErrorMode.KERNEL32(00000000,0028CB68,?,\\.\,0028CC08), ref: 00264D36
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: ErrorMode$DriveType
                                                                                                                                                                                                                                                            • String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
                                                                                                                                                                                                                                                            • API String ID: 2907320926-4222207086
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetSysColor.USER32(00000012), ref: 00287421
                                                                                                                                                                                                                                                            • SetTextColor.GDI32(?,?), ref: 00287425
                                                                                                                                                                                                                                                            • GetSysColorBrush.USER32(0000000F), ref: 0028743B
                                                                                                                                                                                                                                                            • GetSysColor.USER32(0000000F), ref: 00287446
                                                                                                                                                                                                                                                            • CreateSolidBrush.GDI32(?), ref: 0028744B
                                                                                                                                                                                                                                                            • GetSysColor.USER32(00000011), ref: 00287463
                                                                                                                                                                                                                                                            • CreatePen.GDI32(00000000,00000001,00743C00), ref: 00287471
                                                                                                                                                                                                                                                            • SelectObject.GDI32(?,00000000), ref: 00287482
                                                                                                                                                                                                                                                            • SetBkColor.GDI32(?,00000000), ref: 0028748B
                                                                                                                                                                                                                                                            • SelectObject.GDI32(?,?), ref: 00287498
                                                                                                                                                                                                                                                            • InflateRect.USER32(?,000000FF,000000FF), ref: 002874B7
                                                                                                                                                                                                                                                            • RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 002874CE
                                                                                                                                                                                                                                                            • GetWindowLongW.USER32(00000000,000000F0), ref: 002874DB
                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 0028752A
                                                                                                                                                                                                                                                            • GetWindowTextW.USER32(00000000,00000000,00000001), ref: 00287554
                                                                                                                                                                                                                                                            • InflateRect.USER32(?,000000FD,000000FD), ref: 00287572
                                                                                                                                                                                                                                                            • DrawFocusRect.USER32(?,?), ref: 0028757D
                                                                                                                                                                                                                                                            • GetSysColor.USER32(00000011), ref: 0028758E
                                                                                                                                                                                                                                                            • SetTextColor.GDI32(?,00000000), ref: 00287596
                                                                                                                                                                                                                                                            • DrawTextW.USER32(?,002870F5,000000FF,?,00000000), ref: 002875A8
                                                                                                                                                                                                                                                            • SelectObject.GDI32(?,?), ref: 002875BF
                                                                                                                                                                                                                                                            • DeleteObject.GDI32(?), ref: 002875CA
                                                                                                                                                                                                                                                            • SelectObject.GDI32(?,?), ref: 002875D0
                                                                                                                                                                                                                                                            • DeleteObject.GDI32(?), ref: 002875D5
                                                                                                                                                                                                                                                            • SetTextColor.GDI32(?,?), ref: 002875DB
                                                                                                                                                                                                                                                            • SetBkColor.GDI32(?,?), ref: 002875E5
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 1996641542-0
                                                                                                                                                                                                                                                            • Opcode ID: 15a6f93e035c4018cd4f130e7530200121bce8db6f74c01b9892ef45ccb8dd4e
                                                                                                                                                                                                                                                            • Instruction ID: 2d5869939b742e5fcfaf413f70102026000d5da3991a0467017496d6c0847c13
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 15a6f93e035c4018cd4f130e7530200121bce8db6f74c01b9892ef45ccb8dd4e
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BE615F7A901219AFDF019FA4EC49EAE7FB9EB08320F214115F915BB2E1D7749950CFA0
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetCursorPos.USER32(?), ref: 00281128
                                                                                                                                                                                                                                                            • GetDesktopWindow.USER32 ref: 0028113D
                                                                                                                                                                                                                                                            • GetWindowRect.USER32(00000000), ref: 00281144
                                                                                                                                                                                                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 00281199
                                                                                                                                                                                                                                                            • DestroyWindow.USER32(?), ref: 002811B9
                                                                                                                                                                                                                                                            • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,7FFFFFFD,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 002811ED
                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 0028120B
                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 0028121D
                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000421,?,?), ref: 00281232
                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,0000041D,00000000,00000000), ref: 00281245
                                                                                                                                                                                                                                                            • IsWindowVisible.USER32(00000000), ref: 002812A1
                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000412,00000000,D8F0D8F0), ref: 002812BC
                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000411,00000001,00000030), ref: 002812D0
                                                                                                                                                                                                                                                            • GetWindowRect.USER32(00000000,?), ref: 002812E8
                                                                                                                                                                                                                                                            • MonitorFromPoint.USER32(?,?,00000002), ref: 0028130E
                                                                                                                                                                                                                                                            • GetMonitorInfoW.USER32(00000000,?), ref: 00281328
                                                                                                                                                                                                                                                            • CopyRect.USER32(?,?), ref: 0028133F
                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000412,00000000), ref: 002813AA
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
                                                                                                                                                                                                                                                            • String ID: ($0$tooltips_class32
                                                                                                                                                                                                                                                            • API String ID: 698492251-4156429822
                                                                                                                                                                                                                                                            • Opcode ID: 137bf9769e519895644db3b16690a3327c77ea0fbb34a9e0c6b6d00d41e6a2ac
                                                                                                                                                                                                                                                            • Instruction ID: 416b2e1faa73ee93a1d1e665791daf98f96646219352a6a4ae1f3edf88a885f6
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 137bf9769e519895644db3b16690a3327c77ea0fbb34a9e0c6b6d00d41e6a2ac
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AFB1B175619351AFD704EF64D888B6ABBE8FF84300F00891CF9999B2E1C771E865CB61
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • CharUpperBuffW.USER32(?,?), ref: 002802E5
                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 0028031F
                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00280389
                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 002803F1
                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00280475
                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001032,00000000,00000000), ref: 002804C5
                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00280504
                                                                                                                                                                                                                                                              • Part of subcall function 0020F9F2: _wcslen.LIBCMT ref: 0020F9FD
                                                                                                                                                                                                                                                              • Part of subcall function 0025223F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00252258
                                                                                                                                                                                                                                                              • Part of subcall function 0025223F: SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 0025228A
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: _wcslen$MessageSend$BuffCharUpper
                                                                                                                                                                                                                                                            • String ID: DESELECT$FINDITEM$GETITEMCOUNT$GETSELECTED$GETSELECTEDCOUNT$GETSUBITEMCOUNT$GETTEXT$ISSELECTED$SELECT$SELECTALL$SELECTCLEAR$SELECTINVERT$VIEWCHANGE
                                                                                                                                                                                                                                                            • API String ID: 1103490817-719923060
                                                                                                                                                                                                                                                            • Opcode ID: 4e00bad52193848881fa01933fb68f41698f535dd8ae568c178f9661c2ae8022
                                                                                                                                                                                                                                                            • Instruction ID: 5a9509200a4c60bae0566a94e5c7812176e0d2deeb68ab6c41e34bf5722a9200
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4e00bad52193848881fa01933fb68f41698f535dd8ae568c178f9661c2ae8022
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E3E1D0352293028FC754EF24C59083AB3E6BFD8354B14496DF8969B2E2DB30ED69CB51
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00208968
                                                                                                                                                                                                                                                            • GetSystemMetrics.USER32(00000007), ref: 00208970
                                                                                                                                                                                                                                                            • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 0020899B
                                                                                                                                                                                                                                                            • GetSystemMetrics.USER32(00000008), ref: 002089A3
                                                                                                                                                                                                                                                            • GetSystemMetrics.USER32(00000004), ref: 002089C8
                                                                                                                                                                                                                                                            • SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 002089E5
                                                                                                                                                                                                                                                            • AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 002089F5
                                                                                                                                                                                                                                                            • CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 00208A28
                                                                                                                                                                                                                                                            • SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 00208A3C
                                                                                                                                                                                                                                                            • GetClientRect.USER32(00000000,000000FF), ref: 00208A5A
                                                                                                                                                                                                                                                            • GetStockObject.GDI32(00000011), ref: 00208A76
                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000030,00000000), ref: 00208A81
                                                                                                                                                                                                                                                              • Part of subcall function 0020912D: GetCursorPos.USER32(?), ref: 00209141
                                                                                                                                                                                                                                                              • Part of subcall function 0020912D: ScreenToClient.USER32(00000000,?), ref: 0020915E
                                                                                                                                                                                                                                                              • Part of subcall function 0020912D: GetAsyncKeyState.USER32(00000001), ref: 00209183
                                                                                                                                                                                                                                                              • Part of subcall function 0020912D: GetAsyncKeyState.USER32(00000002), ref: 0020919D
                                                                                                                                                                                                                                                            • SetTimer.USER32(00000000,00000000,00000028,002090FC), ref: 00208AA8
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
                                                                                                                                                                                                                                                            • String ID: AutoIt v3 GUI
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 002510F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00251114
                                                                                                                                                                                                                                                              • Part of subcall function 002510F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00250B9B,?,?,?), ref: 00251120
                                                                                                                                                                                                                                                              • Part of subcall function 002510F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00250B9B,?,?,?), ref: 0025112F
                                                                                                                                                                                                                                                              • Part of subcall function 002510F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00250B9B,?,?,?), ref: 00251136
                                                                                                                                                                                                                                                              • Part of subcall function 002510F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 0025114D
                                                                                                                                                                                                                                                            • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00250DF5
                                                                                                                                                                                                                                                            • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00250E29
                                                                                                                                                                                                                                                            • GetLengthSid.ADVAPI32(?), ref: 00250E40
                                                                                                                                                                                                                                                            • GetAce.ADVAPI32(?,00000000,?), ref: 00250E7A
                                                                                                                                                                                                                                                            • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00250E96
                                                                                                                                                                                                                                                            • GetLengthSid.ADVAPI32(?), ref: 00250EAD
                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,00000008), ref: 00250EB5
                                                                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 00250EBC
                                                                                                                                                                                                                                                            • GetLengthSid.ADVAPI32(?,00000008,?), ref: 00250EDD
                                                                                                                                                                                                                                                            • CopySid.ADVAPI32(00000000), ref: 00250EE4
                                                                                                                                                                                                                                                            • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00250F13
                                                                                                                                                                                                                                                            • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00250F35
                                                                                                                                                                                                                                                            • SetUserObjectSecurity.USER32(?,00000004,?), ref: 00250F47
                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00250F6E
                                                                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 00250F75
                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00250F7E
                                                                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 00250F85
                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00250F8E
                                                                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 00250F95
                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 00250FA1
                                                                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 00250FA8
                                                                                                                                                                                                                                                              • Part of subcall function 00251193: GetProcessHeap.KERNEL32(00000008,00250BB1,?,00000000,?,00250BB1,?), ref: 002511A1
                                                                                                                                                                                                                                                              • Part of subcall function 00251193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00250BB1,?), ref: 002511A8
                                                                                                                                                                                                                                                              • Part of subcall function 00251193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00250BB1,?), ref: 002511B7
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0027C4BD
                                                                                                                                                                                                                                                            • RegCreateKeyExW.ADVAPI32(?,?,00000000,0028CC08,00000000,?,00000000,?,?), ref: 0027C544
                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000,00000000,00000000), ref: 0027C5A4
                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 0027C5F4
                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 0027C66F
                                                                                                                                                                                                                                                            • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 0027C6B2
                                                                                                                                                                                                                                                            • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 0027C7C1
                                                                                                                                                                                                                                                            • RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 0027C84D
                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 0027C881
                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000), ref: 0027C88E
                                                                                                                                                                                                                                                            • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 0027C960
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Value$Close$_wcslen$ConnectCreateRegistry
                                                                                                                                                                                                                                                            • String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
                                                                                                                                                                                                                                                            • API String ID: 9721498-966354055
APIs
• CharUpperBuffW.USER32(?,?), ref: 002809C6
• _wcslen.LIBCMT ref: 00280A01
• SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00280A54
• _wcslen.LIBCMT ref: 00280A8A
• _wcslen.LIBCMT ref: 00280B06
• _wcslen.LIBCMT ref: 00280B81
  • Part of subcall function 0020F9F2: _wcslen.LIBCMT ref: 0020F9FD
  • Part of subcall function 00252BE8: SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00252BFA
Strings
Similarity
• API ID: _wcslen$MessageSend$BuffCharUpper
• String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
• API String ID: 1103490817-4258414348
APIs
Strings
Similarity
• API ID: _wcslen$BuffCharUpper
• String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
• API String ID: 1256254125-909552448
APIs
• _wcslen.LIBCMT ref: 0028835A
• _wcslen.LIBCMT ref: 0028836E
• _wcslen.LIBCMT ref: 00288391
• _wcslen.LIBCMT ref: 002883B4
• LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 002883F2
• LoadLibraryExW.KERNEL32(?,00000000,00000032,00000000,?,?,?,?,?,00285BF2), ref: 0028844E
• LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00288487
• LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 002884CA
• LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00288501
• FreeLibrary.KERNEL32(?), ref: 0028850D
• ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 0028851D
• DestroyIcon.USER32(?,?,?,?,?,00285BF2), ref: 0028852C
• SendMessageW.USER32(?,00000170,00000000,00000000), ref: 00288549
• SendMessageW.USER32(?,00000064,00000172,00000001), ref: 00288555
Strings
Similarity
• API ID: Load$Image_wcslen$IconLibraryMessageSend$DestroyExtractFree
• String ID: .dll$.exe$.icl
• API String ID: 799131459-1154884017
Strings
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID: "$#OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$'$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
                                                                                                                                                                                                                                                            • API String ID: 0-1645009161
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • CharLowerBuffW.USER32(?,?), ref: 00263EF8
                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00263F03
                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00263F5A
                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00263F98
                                                                                                                                                                                                                                                            • GetDriveTypeW.KERNEL32(?), ref: 00263FD6
                                                                                                                                                                                                                                                            • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0026401E
                                                                                                                                                                                                                                                            • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00264059
                                                                                                                                                                                                                                                            • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00264087
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: SendString_wcslen$BuffCharDriveLowerType
                                                                                                                                                                                                                                                            • String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
                                                                                                                                                                                                                                                            • API String ID: 1839972693-4113822522
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • LoadIconW.USER32(00000063), ref: 00255A2E
                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 00255A40
                                                                                                                                                                                                                                                            • SetWindowTextW.USER32(?,?), ref: 00255A57
                                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,000003EA), ref: 00255A6C
                                                                                                                                                                                                                                                            • SetWindowTextW.USER32(00000000,?), ref: 00255A72
                                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,000003E9), ref: 00255A82
                                                                                                                                                                                                                                                            • SetWindowTextW.USER32(00000000,?), ref: 00255A88
                                                                                                                                                                                                                                                            • SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 00255AA9
                                                                                                                                                                                                                                                            • SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 00255AC3
                                                                                                                                                                                                                                                            • GetWindowRect.USER32(?,?), ref: 00255ACC
                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00255B33
                                                                                                                                                                                                                                                            • SetWindowTextW.USER32(?,?), ref: 00255B6F
                                                                                                                                                                                                                                                            • GetDesktopWindow.USER32 ref: 00255B75
                                                                                                                                                                                                                                                            • GetWindowRect.USER32(00000000), ref: 00255B7C
                                                                                                                                                                                                                                                            • MoveWindow.USER32(?,?,00000080,00000000,?,00000000), ref: 00255BD3
                                                                                                                                                                                                                                                            • GetClientRect.USER32(?,?), ref: 00255BE0
                                                                                                                                                                                                                                                            • PostMessageW.USER32(?,00000005,00000000,?), ref: 00255C05
                                                                                                                                                                                                                                                            • SetTimer.USER32(?,0000040A,00000000,00000000), ref: 00255C2F
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer_wcslen
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 895679908-0
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F89), ref: 0026FE27
                                                                                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F8A), ref: 0026FE32
                                                                                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F00), ref: 0026FE3D
                                                                                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F03), ref: 0026FE48
                                                                                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F8B), ref: 0026FE53
                                                                                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F01), ref: 0026FE5E
                                                                                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F81), ref: 0026FE69
                                                                                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F88), ref: 0026FE74
                                                                                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F80), ref: 0026FE7F
                                                                                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F86), ref: 0026FE8A
                                                                                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F83), ref: 0026FE95
                                                                                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F85), ref: 0026FEA0
                                                                                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F82), ref: 0026FEAB
                                                                                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F84), ref: 0026FEB6
                                                                                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F04), ref: 0026FEC1
                                                                                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F02), ref: 0026FECC
                                                                                                                                                                                                                                                            • GetCursorInfo.USER32(?), ref: 0026FEDC
                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 0026FF1E
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Cursor$Load$ErrorInfoLast
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3215588206-0
                                                                                                                                                                                                                                                            • Opcode ID: c892ecedf73599e88264ebd09667f34636f347ba6ea8f7c78ea6a248e8a1d047
                                                                                                                                                                                                                                                            • Instruction ID: a531b5bfa74fa4036ff54a6a0e568cc5b72076087bcb0af0bb1886915b8335ec
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c892ecedf73599e88264ebd09667f34636f347ba6ea8f7c78ea6a248e8a1d047
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2B4185B0D0431A6ADB10DFBA9C8985EBFE8FF04354B50452AF11DE7681DB789941CF90
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: _wcslen
                                                                                                                                                                                                                                                            • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT$[+
                                                                                                                                                                                                                                                            • API String ID: 176396367-1283632702
                                                                                                                                                                                                                                                            • Opcode ID: 5527600d0fe0c09bfd169f9e437e020863c427443b783d7e6a13cf17bdb7d0b4
                                                                                                                                                                                                                                                            • Instruction ID: a2ad3c2bf01503dbfce288ebe0d346e14239b1ad255817e86e6b68f76cbabb61
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5527600d0fe0c09bfd169f9e437e020863c427443b783d7e6a13cf17bdb7d0b4
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 85E1F532A20516ABCB14DF78C4417FDBBB0BF14791F649119EC56E7240DB30AEAD8B94
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • __scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 002100C6
                                                                                                                                                                                                                                                              • Part of subcall function 002100ED: InitializeCriticalSectionAndSpinCount.KERNEL32(002C070C,00000FA0,B426D1E9,?,?,?,?,002323B3,000000FF), ref: 0021011C
                                                                                                                                                                                                                                                              • Part of subcall function 002100ED: GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,002323B3,000000FF), ref: 00210127
                                                                                                                                                                                                                                                              • Part of subcall function 002100ED: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,002323B3,000000FF), ref: 00210138
                                                                                                                                                                                                                                                              • Part of subcall function 002100ED: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 0021014E
                                                                                                                                                                                                                                                              • Part of subcall function 002100ED: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 0021015C
                                                                                                                                                                                                                                                              • Part of subcall function 002100ED: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 0021016A
                                                                                                                                                                                                                                                              • Part of subcall function 002100ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00210195
                                                                                                                                                                                                                                                              • Part of subcall function 002100ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 002101A0
                                                                                                                                                                                                                                                            • ___scrt_fastfail.LIBCMT ref: 002100E7
                                                                                                                                                                                                                                                              • Part of subcall function 002100A3: __onexit.LIBCMT ref: 002100A9
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            • WakeAllConditionVariable, xrefs: 00210162
                                                                                                                                                                                                                                                            • kernel32.dll, xrefs: 00210133
                                                                                                                                                                                                                                                            • InitializeConditionVariable, xrefs: 00210148
                                                                                                                                                                                                                                                            • SleepConditionVariableCS, xrefs: 00210154
                                                                                                                                                                                                                                                            • api-ms-win-core-synch-l1-2-0.dll, xrefs: 00210122
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: AddressProc$HandleModule__crt_fast_encode_pointer$CountCriticalInitializeSectionSpin___scrt_fastfail__onexit__scrt_initialize_thread_safe_statics_platform_specific
                                                                                                                                                                                                                                                            • String ID: InitializeConditionVariable$SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                                                                                                                                                                                                                            • API String ID: 66158676-1714406822
                                                                                                                                                                                                                                                            • Opcode ID: ec7edc863331771740de25076496bc26618a2e3d1501c6a00efdd0623fcaa39c
                                                                                                                                                                                                                                                            • Instruction ID: c5155d42342318891f6954d37e73423eea722d2b41999799ba7546d108fb207d
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ec7edc863331771740de25076496bc26618a2e3d1501c6a00efdd0623fcaa39c
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8D213736662301EBD7106B64BD8DFAA73D4EB19B51F200129F905E22D1DBF498A08BA0
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • CharLowerBuffW.USER32(00000000,00000000,0028CC08), ref: 00264527
                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 0026453B
                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00264599
                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 002645F4
                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 0026463F
                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 002646A7
                                                                                                                                                                                                                                                              • Part of subcall function 0020F9F2: _wcslen.LIBCMT ref: 0020F9FD
                                                                                                                                                                                                                                                            • GetDriveTypeW.KERNEL32(?,002B6BF0,00000061), ref: 00264743
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: _wcslen$BuffCharDriveLowerType
                                                                                                                                                                                                                                                            • String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
                                                                                                                                                                                                                                                            • API String ID: 2055661098-1000479233
                                                                                                                                                                                                                                                            • Opcode ID: 99cdf2a0a5f4fa9c774e83a6f96bffe4af6eee13f8a5802ad1579ada298f2a28
                                                                                                                                                                                                                                                            • Instruction ID: afb272f43ef4358440eb59f57741ec6d9ee1e6a7cf1da7bb5ceba05495ebbe1a
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 99cdf2a0a5f4fa9c774e83a6f96bffe4af6eee13f8a5802ad1579ada298f2a28
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5DB1F0716283029FC710EF28C890A7AB7E5AFA5764F50491DF5D6C7291D730D8A4CBA2
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 00209BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00209BB2
                                                                                                                                                                                                                                                            • DragQueryPoint.SHELL32(?,?), ref: 00289147
                                                                                                                                                                                                                                                              • Part of subcall function 00287674: ClientToScreen.USER32(?,?), ref: 0028769A
                                                                                                                                                                                                                                                              • Part of subcall function 00287674: GetWindowRect.USER32(?,?), ref: 00287710
                                                                                                                                                                                                                                                              • Part of subcall function 00287674: PtInRect.USER32(?,?,00288B89), ref: 00287720
                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,000000B0,?,?), ref: 002891B0
                                                                                                                                                                                                                                                            • DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 002891BB
                                                                                                                                                                                                                                                            • DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 002891DE
                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,000000C2,00000001,?), ref: 00289225
                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,000000B0,?,?), ref: 0028923E
                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,000000B1,?,?), ref: 00289255
                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,000000B1,?,?), ref: 00289277
                                                                                                                                                                                                                                                            • DragFinish.SHELL32(?), ref: 0028927E
                                                                                                                                                                                                                                                            • DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 00289371
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen
                                                                                                                                                                                                                                                            • String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID$p#,
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetMenuItemCount.USER32(002C1990), ref: 00232F8D
                                                                                                                                                                                                                                                            • GetMenuItemCount.USER32(002C1990), ref: 0023303D
                                                                                                                                                                                                                                                            • GetCursorPos.USER32(?), ref: 00233081
                                                                                                                                                                                                                                                            • SetForegroundWindow.USER32(00000000), ref: 0023308A
                                                                                                                                                                                                                                                            • TrackPopupMenuEx.USER32(002C1990,00000000,?,00000000,00000000,00000000), ref: 0023309D
                                                                                                                                                                                                                                                            • PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 002330A9
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow
                                                                                                                                                                                                                                                            • String ID: 0
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • DestroyWindow.USER32(00000000,?), ref: 00286DEB
                                                                                                                                                                                                                                                              • Part of subcall function 001F6B57: _wcslen.LIBCMT ref: 001F6B6A
                                                                                                                                                                                                                                                            • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 00286E5F
                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 00286E81
                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00286E94
                                                                                                                                                                                                                                                            • DestroyWindow.USER32(?), ref: 00286EB5
                                                                                                                                                                                                                                                            • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,001F0000,00000000), ref: 00286EE4
                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00286EFD
                                                                                                                                                                                                                                                            • GetDesktopWindow.USER32 ref: 00286F16
                                                                                                                                                                                                                                                            • GetWindowRect.USER32(00000000), ref: 00286F1D
                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00286F35
                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000421,?,00000000), ref: 00286F4D
                                                                                                                                                                                                                                                              • Part of subcall function 00209944: GetWindowLongW.USER32(?,000000EB), ref: 00209952
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_wcslen
                                                                                                                                                                                                                                                            • String ID: 0$tooltips_class32
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 0026C4B0
                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 0026C4C3
                                                                                                                                                                                                                                                            • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 0026C4D7
                                                                                                                                                                                                                                                            • HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 0026C4F0
                                                                                                                                                                                                                                                            • InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 0026C533
                                                                                                                                                                                                                                                            • InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 0026C549
                                                                                                                                                                                                                                                            • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0026C554
                                                                                                                                                                                                                                                            • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 0026C584
                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 0026C5DC
                                                                                                                                                                                                                                                            • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 0026C5F0
                                                                                                                                                                                                                                                            • InternetCloseHandle.WININET(00000000), ref: 0026C5FB
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Internet$Http$ErrorEventLastOptionQueryRequest$CloseConnectHandleInfoOpenSend
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3800310941-3916222277
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,00000000,?,?,?,?,?,00000000,?,000000EC), ref: 00288592
                                                                                                                                                                                                                                                            • GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 002885A2
                                                                                                                                                                                                                                                            • GlobalAlloc.KERNEL32(00000002,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 002885AD
                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 002885BA
                                                                                                                                                                                                                                                            • GlobalLock.KERNEL32(00000000), ref: 002885C8
                                                                                                                                                                                                                                                            • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 002885D7
                                                                                                                                                                                                                                                            • GlobalUnlock.KERNEL32(00000000), ref: 002885E0
                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 002885E7
                                                                                                                                                                                                                                                            • CreateStreamOnHGlobal.OLE32(00000000,00000001,000000F0,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 002885F8
                                                                                                                                                                                                                                                            • OleLoadPicture.OLEAUT32(000000F0,00000000,00000000,0028FC38,?), ref: 00288611
                                                                                                                                                                                                                                                            • GlobalFree.KERNEL32(00000000), ref: 00288621
                                                                                                                                                                                                                                                            • GetObjectW.GDI32(?,00000018,?), ref: 00288641
                                                                                                                                                                                                                                                            • CopyImage.USER32(?,00000000,00000000,?,00002000), ref: 00288671
                                                                                                                                                                                                                                                            • DeleteObject.GDI32(?), ref: 00288699
                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000172,00000000,00000000), ref: 002886AF
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3840717409-0
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • VariantInit.OLEAUT32(00000000), ref: 00261502
                                                                                                                                                                                                                                                            • VariantCopy.OLEAUT32(?,?), ref: 0026150B
                                                                                                                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 00261517
                                                                                                                                                                                                                                                            • VariantTimeToSystemTime.OLEAUT32(?,?,?), ref: 002615FB
                                                                                                                                                                                                                                                            • VarR8FromDec.OLEAUT32(?,?), ref: 00261657
                                                                                                                                                                                                                                                            • VariantInit.OLEAUT32(?), ref: 00261708
                                                                                                                                                                                                                                                            • SysFreeString.OLEAUT32(?), ref: 0026178C
                                                                                                                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 002617D8
                                                                                                                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 002617E7
                                                                                                                                                                                                                                                            • VariantInit.OLEAUT32(00000000), ref: 00261823
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Variant$ClearInit$Time$CopyFreeFromStringSystem
                                                                                                                                                                                                                                                            • String ID: %4d%02d%02d%02d%02d%02d$Default
                                                                                                                                                                                                                                                            • API String ID: 1234038744-3931177956
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 001F9CB3: _wcslen.LIBCMT ref: 001F9CBD
                                                                                                                                                                                                                                                              • Part of subcall function 0027C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0027B6AE,?,?), ref: 0027C9B5
                                                                                                                                                                                                                                                              • Part of subcall function 0027C998: _wcslen.LIBCMT ref: 0027C9F1
                                                                                                                                                                                                                                                              • Part of subcall function 0027C998: _wcslen.LIBCMT ref: 0027CA68
                                                                                                                                                                                                                                                              • Part of subcall function 0027C998: _wcslen.LIBCMT ref: 0027CA9E
                                                                                                                                                                                                                                                            • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0027B6F4
                                                                                                                                                                                                                                                            • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0027B772
                                                                                                                                                                                                                                                            • RegDeleteValueW.ADVAPI32(?,?), ref: 0027B80A
                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 0027B87E
                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 0027B89C
                                                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(advapi32.dll), ref: 0027B8F2
                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 0027B904
                                                                                                                                                                                                                                                            • RegDeleteKeyW.ADVAPI32(?,?), ref: 0027B922
                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000), ref: 0027B983
                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000), ref: 0027B994
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: _wcslen$Close$DeleteLibrary$AddressBuffCharConnectFreeLoadOpenProcRegistryUpperValue
                                                                                                                                                                                                                                                            • String ID: RegDeleteKeyExW$advapi32.dll
                                                                                                                                                                                                                                                            • API String ID: 146587525-4033151799
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetDC.USER32(00000000), ref: 002725D8
                                                                                                                                                                                                                                                            • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 002725E8
                                                                                                                                                                                                                                                            • CreateCompatibleDC.GDI32(?), ref: 002725F4
                                                                                                                                                                                                                                                            • SelectObject.GDI32(00000000,?), ref: 00272601
                                                                                                                                                                                                                                                            • StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000006,?,?,?,00CC0020), ref: 0027266D
                                                                                                                                                                                                                                                            • GetDIBits.GDI32(?,?,00000000,00000000,00000000,00000028,00000000), ref: 002726AC
                                                                                                                                                                                                                                                            • GetDIBits.GDI32(?,?,00000000,?,00000000,00000028,00000000), ref: 002726D0
                                                                                                                                                                                                                                                            • SelectObject.GDI32(?,?), ref: 002726D8
                                                                                                                                                                                                                                                            • DeleteObject.GDI32(?), ref: 002726E1
                                                                                                                                                                                                                                                            • DeleteDC.GDI32(?), ref: 002726E8
                                                                                                                                                                                                                                                            • ReleaseDC.USER32(00000000,?), ref: 002726F3
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
• Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
                                                                                                                                                                                                                                                            • String ID: (
                                                                                                                                                                                                                                                            • API String ID: 2598888154-3887548279
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • ___free_lconv_mon.LIBCMT ref: 0022DAA1
                                                                                                                                                                                                                                                              • Part of subcall function 0022D63C: _free.LIBCMT ref: 0022D659
                                                                                                                                                                                                                                                              • Part of subcall function 0022D63C: _free.LIBCMT ref: 0022D66B
                                                                                                                                                                                                                                                              • Part of subcall function 0022D63C: _free.LIBCMT ref: 0022D67D
                                                                                                                                                                                                                                                              • Part of subcall function 0022D63C: _free.LIBCMT ref: 0022D68F
                                                                                                                                                                                                                                                              • Part of subcall function 0022D63C: _free.LIBCMT ref: 0022D6A1
                                                                                                                                                                                                                                                              • Part of subcall function 0022D63C: _free.LIBCMT ref: 0022D6B3
                                                                                                                                                                                                                                                              • Part of subcall function 0022D63C: _free.LIBCMT ref: 0022D6C5
                                                                                                                                                                                                                                                              • Part of subcall function 0022D63C: _free.LIBCMT ref: 0022D6D7
                                                                                                                                                                                                                                                              • Part of subcall function 0022D63C: _free.LIBCMT ref: 0022D6E9
                                                                                                                                                                                                                                                              • Part of subcall function 0022D63C: _free.LIBCMT ref: 0022D6FB
                                                                                                                                                                                                                                                              • Part of subcall function 0022D63C: _free.LIBCMT ref: 0022D70D
                                                                                                                                                                                                                                                              • Part of subcall function 0022D63C: _free.LIBCMT ref: 0022D71F
                                                                                                                                                                                                                                                              • Part of subcall function 0022D63C: _free.LIBCMT ref: 0022D731
                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0022DA96
                                                                                                                                                                                                                                                              • Part of subcall function 002229C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0022D7D1,00000000,00000000,00000000,00000000,?,0022D7F8,00000000,00000007,00000000,?,0022DBF5,00000000), ref: 002229DE
                                                                                                                                                                                                                                                              • Part of subcall function 002229C8: GetLastError.KERNEL32(00000000,?,0022D7D1,00000000,00000000,00000000,00000000,?,0022D7F8,00000000,00000007,00000000,?,0022DBF5,00000000,00000000), ref: 002229F0
                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0022DAB8
                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0022DACD
                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0022DAD8
                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0022DAFA
                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0022DB0D
                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0022DB1B
                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0022DB26
                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0022DB5E
                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0022DB65
                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0022DB82
                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0022DB9A
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
• Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 161543041-0
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetClassNameW.USER32(?,?,00000100), ref: 0025369C
                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 002536A7
                                                                                                                                                                                                                                                            • SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 00253797
                                                                                                                                                                                                                                                            • GetClassNameW.USER32(?,?,00000400), ref: 0025380C
                                                                                                                                                                                                                                                            • GetDlgCtrlID.USER32(?), ref: 0025385D
                                                                                                                                                                                                                                                            • GetWindowRect.USER32(?,?), ref: 00253882
                                                                                                                                                                                                                                                            • GetParent.USER32(?), ref: 002538A0
                                                                                                                                                                                                                                                            • ScreenToClient.USER32(00000000), ref: 002538A7
                                                                                                                                                                                                                                                            • GetClassNameW.USER32(?,?,00000100), ref: 00253921
                                                                                                                                                                                                                                                            • GetWindowTextW.USER32(?,?,00000400), ref: 0025395D
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
• Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout_wcslen
                                                                                                                                                                                                                                                            • String ID: %s%u
                                                                                                                                                                                                                                                            • API String ID: 4010501982-679674701
                                                                                                                                                                                                                                                            • Opcode ID: 8f8e69734f3316dba380bd7959315b86c4e705455a840865d17879ed8cf4c8df
                                                                                                                                                                                                                                                            • Instruction ID: bad4a385aaafea1b75b47b3840ac5bfe7cd0662aa209ea93a35f70bade99390f
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8f8e69734f3316dba380bd7959315b86c4e705455a840865d17879ed8cf4c8df
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4891D1B1214607AFD719DF24C884BEAF7A8FF44391F005529FD99C2190DB30EA69CBA5
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetClassNameW.USER32(?,?,00000400), ref: 00254994
                                                                                                                                                                                                                                                            • GetWindowTextW.USER32(?,?,00000400), ref: 002549DA
                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 002549EB
                                                                                                                                                                                                                                                            • CharUpperBuffW.USER32(?,00000000), ref: 002549F7
                                                                                                                                                                                                                                                            • _wcsstr.LIBVCRUNTIME ref: 00254A2C
                                                                                                                                                                                                                                                            • GetClassNameW.USER32(00000018,?,00000400), ref: 00254A64
                                                                                                                                                                                                                                                            • GetWindowTextW.USER32(?,?,00000400), ref: 00254A9D
                                                                                                                                                                                                                                                            • GetClassNameW.USER32(00000018,?,00000400), ref: 00254AE6
                                                                                                                                                                                                                                                            • GetClassNameW.USER32(?,?,00000400), ref: 00254B20
                                                                                                                                                                                                                                                            • GetWindowRect.USER32(?,?), ref: 00254B8B
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: ClassName$Window$Text$BuffCharRectUpper_wcslen_wcsstr
                                                                                                                                                                                                                                                            • String ID: ThumbnailClass
                                                                                                                                                                                                                                                            • API String ID: 1311036022-1241985126
                                                                                                                                                                                                                                                            • Opcode ID: f290c91b2c96e410744f8d723a203c7729f7034db596350f3ba96baf03f76508
                                                                                                                                                                                                                                                            • Instruction ID: a234b3599ea9fe0e1ba8beb18871bd67f6a0fdd2ffd1f9f2292c2b2b91f38d79
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f290c91b2c96e410744f8d723a203c7729f7034db596350f3ba96baf03f76508
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3191F7314242069FDB04EF14C885FBAB7E8FF84319F044469FD859A095EB30EDA9CBA5
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 00209BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00209BB2
                                                                                                                                                                                                                                                            • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00288D5A
                                                                                                                                                                                                                                                            • GetFocus.USER32 ref: 00288D6A
                                                                                                                                                                                                                                                            • GetDlgCtrlID.USER32(00000000), ref: 00288D75
                                                                                                                                                                                                                                                            • DefDlgProcW.USER32(?,00000111,?,?,00000000,?,?,?,?,?,?,?), ref: 00288E1D
                                                                                                                                                                                                                                                            • GetMenuItemInfoW.USER32(?,00000000,00000000,?), ref: 00288ECF
                                                                                                                                                                                                                                                            • GetMenuItemCount.USER32(?), ref: 00288EEC
                                                                                                                                                                                                                                                            • GetMenuItemID.USER32(?,00000000), ref: 00288EFC
                                                                                                                                                                                                                                                            • GetMenuItemInfoW.USER32(?,-00000001,00000001,?), ref: 00288F2E
                                                                                                                                                                                                                                                            • GetMenuItemInfoW.USER32(?,?,00000001,?), ref: 00288F70
                                                                                                                                                                                                                                                            • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00288FA1
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: ItemMenu$Info$CheckCountCtrlFocusLongMessagePostProcRadioWindow
                                                                                                                                                                                                                                                            • String ID: 0
                                                                                                                                                                                                                                                            • API String ID: 1026556194-4108050209
                                                                                                                                                                                                                                                            • Opcode ID: b78d99135c738fdead380e81de7386fd2c9aaac3ef161d29cb0d8939f8132944
                                                                                                                                                                                                                                                            • Instruction ID: ce48d4cd00d93f4cff791dc5ab43aaaee2ea62939883abf5816e5208d78ecfa9
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b78d99135c738fdead380e81de7386fd2c9aaac3ef161d29cb0d8939f8132944
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AD81C2795163029FDB10EF24D884A6B77E9FF98314F500519FA84972D1DB70D920CB62
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetFileVersionInfoSizeW.VERSION(?,?), ref: 0025DC20
                                                                                                                                                                                                                                                            • GetFileVersionInfoW.VERSION(?,00000000,00000000,00000000,?,?), ref: 0025DC46
                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 0025DC50
                                                                                                                                                                                                                                                            • _wcsstr.LIBVCRUNTIME ref: 0025DCA0
                                                                                                                                                                                                                                                            • VerQueryValueW.VERSION(?,\VarFileInfo\Translation,?,?,?,?,?,?,00000000,?,?), ref: 0025DCBC
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: FileInfoVersion$QuerySizeValue_wcslen_wcsstr
                                                                                                                                                                                                                                                            • String ID: %u.%u.%u.%u$04090000$DefaultLangCodepage$StringFileInfo\$\VarFileInfo\Translation
                                                                                                                                                                                                                                                            • API String ID: 1939486746-1459072770
                                                                                                                                                                                                                                                            • Opcode ID: f92769da317d71d20996d15e5b3aea2c0e5b8d4abfb90bda05c7ca3b1b77cc28
                                                                                                                                                                                                                                                            • Instruction ID: 683fd10afafc1ba56ef9c4280a44012b5f5fb1d2d323ff70b509042be8576b74
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f92769da317d71d20996d15e5b3aea2c0e5b8d4abfb90bda05c7ca3b1b77cc28
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C94127325612017ADB20BA64DC07EFF77ACEF56711F100065FD00A21C3EB749A648BB9
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 0027CC64
                                                                                                                                                                                                                                                            • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?,00000000), ref: 0027CC8D
                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 0027CD48
                                                                                                                                                                                                                                                              • Part of subcall function 0027CC34: RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 0027CCAA
                                                                                                                                                                                                                                                              • Part of subcall function 0027CC34: LoadLibraryA.KERNEL32(advapi32.dll,?,?,00000000), ref: 0027CCBD
                                                                                                                                                                                                                                                              • Part of subcall function 0027CC34: GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 0027CCCF
                                                                                                                                                                                                                                                              • Part of subcall function 0027CC34: FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 0027CD05
                                                                                                                                                                                                                                                              • Part of subcall function 0027CC34: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 0027CD28
                                                                                                                                                                                                                                                            • RegDeleteKeyW.ADVAPI32(?,?), ref: 0027CCF3
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Library$EnumFree$AddressCloseDeleteLoadOpenProc
                                                                                                                                                                                                                                                            • String ID: RegDeleteKeyExW$advapi32.dll
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00263D40
                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00263D6D
                                                                                                                                                                                                                                                            • CreateDirectoryW.KERNEL32(?,00000000), ref: 00263D9D
                                                                                                                                                                                                                                                            • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 00263DBE
                                                                                                                                                                                                                                                            • RemoveDirectoryW.KERNEL32(?), ref: 00263DCE
                                                                                                                                                                                                                                                            • DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 00263E55
                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 00263E60
                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 00263E6B
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove_wcslen
                                                                                                                                                                                                                                                            • String ID: :$\$\??\%s
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • timeGetTime.WINMM ref: 0025E6B4
                                                                                                                                                                                                                                                              • Part of subcall function 0020E551: timeGetTime.WINMM(?,?,0025E6D4), ref: 0020E555
                                                                                                                                                                                                                                                            • Sleep.KERNEL32(0000000A), ref: 0025E6E1
                                                                                                                                                                                                                                                            • EnumThreadWindows.USER32(?,Function_0006E665,00000000), ref: 0025E705
                                                                                                                                                                                                                                                            • FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 0025E727
                                                                                                                                                                                                                                                            • SetActiveWindow.USER32 ref: 0025E746
                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 0025E754
                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000010,00000000,00000000), ref: 0025E773
                                                                                                                                                                                                                                                            • Sleep.KERNEL32(000000FA), ref: 0025E77E
                                                                                                                                                                                                                                                            • IsWindow.USER32 ref: 0025E78A
                                                                                                                                                                                                                                                            • EndDialog.USER32(00000000), ref: 0025E79B
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
                                                                                                                                                                                                                                                            • String ID: BUTTON
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 001F9CB3: _wcslen.LIBCMT ref: 001F9CBD
                                                                                                                                                                                                                                                            • mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 0025EA5D
                                                                                                                                                                                                                                                            • mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 0025EA73
                                                                                                                                                                                                                                                            • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0025EA84
                                                                                                                                                                                                                                                            • mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 0025EA96
                                                                                                                                                                                                                                                            • mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 0025EAA7
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: SendString$_wcslen
                                                                                                                                                                                                                                                            • String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,00000001), ref: 00255CE2
                                                                                                                                                                                                                                                            • GetWindowRect.USER32(00000000,?), ref: 00255CFB
                                                                                                                                                                                                                                                            • MoveWindow.USER32(?,0000000A,00000004,?,?,00000004,00000000), ref: 00255D59
                                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,00000002), ref: 00255D69
                                                                                                                                                                                                                                                            • GetWindowRect.USER32(00000000,?), ref: 00255D7B
                                                                                                                                                                                                                                                            • MoveWindow.USER32(?,?,00000004,00000000,?,00000004,00000000), ref: 00255DCF
                                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,000003E9), ref: 00255DDD
                                                                                                                                                                                                                                                            • GetWindowRect.USER32(00000000,?), ref: 00255DEF
                                                                                                                                                                                                                                                            • MoveWindow.USER32(?,0000000A,00000000,?,00000004,00000000), ref: 00255E31
                                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,000003EA), ref: 00255E44
                                                                                                                                                                                                                                                            • MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 00255E5A
                                                                                                                                                                                                                                                            • InvalidateRect.USER32(?,00000000,00000001), ref: 00255E67
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Window$ItemMoveRect$Invalidate
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3096461208-0
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 00208F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00208BE8,?,00000000,?,?,?,?,00208BBA,00000000,?), ref: 00208FC5
                                                                                                                                                                                                                                                            • DestroyWindow.USER32(?), ref: 00208C81
                                                                                                                                                                                                                                                            • KillTimer.USER32(00000000,?,?,?,?,00208BBA,00000000,?), ref: 00208D1B
                                                                                                                                                                                                                                                            • DestroyAcceleratorTable.USER32(00000000), ref: 00246973
                                                                                                                                                                                                                                                            • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,00000000,?,?,?,?,00208BBA,00000000,?), ref: 002469A1
                                                                                                                                                                                                                                                            • ImageList_Destroy.COMCTL32(?,?,?,?,?,?,?,00000000,?,?,?,?,00208BBA,00000000,?), ref: 002469B8
                                                                                                                                                                                                                                                            • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00208BBA,00000000), ref: 002469D4
                                                                                                                                                                                                                                                            • DeleteObject.GDI32(00000000), ref: 002469E6
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 641708696-0
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 00209944: GetWindowLongW.USER32(?,000000EB), ref: 00209952
                                                                                                                                                                                                                                                            • GetSysColor.USER32(0000000F), ref: 00209862
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: ColorLongWindow
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 259745315-0
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID: .!
                                                                                                                                                                                                                                                            • API String ID: 0-3855568528
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000001,00000000,?,?,0023F7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?), ref: 00259717
                                                                                                                                                                                                                                                            • LoadStringW.USER32(00000000,?,0023F7F8,00000001), ref: 00259720
                                                                                                                                                                                                                                                              • Part of subcall function 001F9CB3: _wcslen.LIBCMT ref: 001F9CBD
                                                                                                                                                                                                                                                            • GetModuleHandleW.KERNEL32(00000000,00000001,?,00000FFF,?,?,0023F7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?,00000000), ref: 00259742
                                                                                                                                                                                                                                                            • LoadStringW.USER32(00000000,?,0023F7F8,00000001), ref: 00259745
                                                                                                                                                                                                                                                            • MessageBoxW.USER32(00000000,00000000,?,00011010), ref: 00259866
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
• Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: HandleLoadModuleString$Message_wcslen
                                                                                                                                                                                                                                                            • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
                                                                                                                                                                                                                                                            • API String ID: 747408836-2268648507
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 001F6B57: _wcslen.LIBCMT ref: 001F6B6A
                                                                                                                                                                                                                                                            • WNetAddConnection2W.MPR(?,?,?,00000000), ref: 002507A2
                                                                                                                                                                                                                                                            • RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 002507BE
                                                                                                                                                                                                                                                            • RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 002507DA
                                                                                                                                                                                                                                                            • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 00250804
                                                                                                                                                                                                                                                            • CLSIDFromString.OLE32(?,000001FE,?,SOFTWARE\Classes\), ref: 0025082C
                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00250837
                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 0025083C
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_wcslen
                                                                                                                                                                                                                                                            • String ID: SOFTWARE\Classes\$\CLSID$\IPC$
                                                                                                                                                                                                                                                            • API String ID: 323675364-22481851
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • VariantInit.OLEAUT32(?), ref: 00273C5C
                                                                                                                                                                                                                                                            • CoInitialize.OLE32(00000000), ref: 00273C8A
                                                                                                                                                                                                                                                            • CoUninitialize.OLE32 ref: 00273C94
                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00273D2D
                                                                                                                                                                                                                                                            • GetRunningObjectTable.OLE32(00000000,?), ref: 00273DB1
                                                                                                                                                                                                                                                            • SetErrorMode.KERNEL32(00000001,00000029), ref: 00273ED5
                                                                                                                                                                                                                                                            • CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,?), ref: 00273F0E
                                                                                                                                                                                                                                                            • CoGetObject.OLE32(?,00000000,0028FB98,?), ref: 00273F2D
                                                                                                                                                                                                                                                            • SetErrorMode.KERNEL32(00000000), ref: 00273F40
                                                                                                                                                                                                                                                            • SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00273FC4
                                                                                                                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 00273FD8
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize_wcslen
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 429561992-0
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • CoInitialize.OLE32(00000000), ref: 00267AF3
                                                                                                                                                                                                                                                            • SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 00267B8F
                                                                                                                                                                                                                                                            • SHGetDesktopFolder.SHELL32(?), ref: 00267BA3
                                                                                                                                                                                                                                                            • CoCreateInstance.OLE32(0028FD08,00000000,00000001,002B6E6C,?), ref: 00267BEF
                                                                                                                                                                                                                                                            • SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 00267C74
                                                                                                                                                                                                                                                            • CoTaskMemFree.OLE32(?,?), ref: 00267CCC
                                                                                                                                                                                                                                                            • SHBrowseForFolderW.SHELL32(?), ref: 00267D57
                                                                                                                                                                                                                                                            • SHGetPathFromIDListW.SHELL32(00000000,?), ref: 00267D7A
                                                                                                                                                                                                                                                            • CoTaskMemFree.OLE32(00000000), ref: 00267D81
                                                                                                                                                                                                                                                            • CoTaskMemFree.OLE32(00000000), ref: 00267DD6
                                                                                                                                                                                                                                                            • CoUninitialize.OLE32 ref: 00267DDC
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 2762341140-0
APIs
• SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 00285504
• SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00285515
• CharNextW.USER32(00000158), ref: 00285544
• SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 00285585
• SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 0028559B
• SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 002855AC
Memory Dump Source
• Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
• Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_1f0000_file.jbxd
Similarity
• API ID: MessageSend$CharNext
• String ID:
• API String ID: 1350042424-0
APIs
• SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 0024FAAF
• SafeArrayAllocData.OLEAUT32(?), ref: 0024FB08
• VariantInit.OLEAUT32(?), ref: 0024FB1A
• SafeArrayAccessData.OLEAUT32(?,?), ref: 0024FB3A
• VariantCopy.OLEAUT32(?,?), ref: 0024FB8D
• SafeArrayUnaccessData.OLEAUT32(?), ref: 0024FBA1
• VariantClear.OLEAUT32(?), ref: 0024FBB6
• SafeArrayDestroyData.OLEAUT32(?), ref: 0024FBC3
• SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 0024FBCC
• VariantClear.OLEAUT32(?), ref: 0024FBDE
• SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 0024FBE9
Memory Dump Source
• Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
• Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_1f0000_file.jbxd
Similarity
• API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
• String ID:
• API String ID: 2706829360-0
APIs
• GetKeyboardState.USER32(?), ref: 00259CA1
• GetAsyncKeyState.USER32(000000A0), ref: 00259D22
• GetKeyState.USER32(000000A0), ref: 00259D3D
• GetAsyncKeyState.USER32(000000A1), ref: 00259D57
• GetKeyState.USER32(000000A1), ref: 00259D6C
• GetAsyncKeyState.USER32(00000011), ref: 00259D84
• GetKeyState.USER32(00000011), ref: 00259D96
• GetAsyncKeyState.USER32(00000012), ref: 00259DAE
• GetKeyState.USER32(00000012), ref: 00259DC0
• GetAsyncKeyState.USER32(0000005B), ref: 00259DD8
• GetKeyState.USER32(0000005B), ref: 00259DEA
Memory Dump Source
• Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
• Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_1f0000_file.jbxd
Similarity
• API ID: State$Async$Keyboard
• String ID:
• API String ID: 541375521-0
APIs
• WSAStartup.WSOCK32(00000101,?), ref: 002705BC
• inet_addr.WSOCK32(?), ref: 0027061C
• gethostbyname.WSOCK32(?), ref: 00270628
• IcmpCreateFile.IPHLPAPI ref: 00270636
• IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 002706C6
• IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 002706E5
• IcmpCloseHandle.IPHLPAPI(?), ref: 002707B9
• WSACleanup.WSOCK32 ref: 002707BF
Strings
Memory Dump Source
• Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
• Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_1f0000_file.jbxd
Similarity
• API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
• String ID: Ping
• API String ID: 1028309954-2246546115
                                                                                                                                                                                                                                                            • Opcode ID: 5b5da365f1533094ccd2de75e2578f1729870c73029196ac50377c9dc0382ae6
                                                                                                                                                                                                                                                            • Instruction ID: f17cf3b701136b83e553343c3887edabba88b5264158bb68c720e8ef435a2bec
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5b5da365f1533094ccd2de75e2578f1729870c73029196ac50377c9dc0382ae6
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0C919B35614202DFD324CF15D4C8F2ABBE4AF48318F14C5A9E4698BAA2C770EC59CF91
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: _wcslen$BuffCharLower
                                                                                                                                                                                                                                                            • String ID: cdecl$none$stdcall$winapi
                                                                                                                                                                                                                                                            • API String ID: 707087890-567219261
                                                                                                                                                                                                                                                            • Opcode ID: abf481e52e813f0dca3eb466aa97f9d9dd53a361f49d6000be75c97788c25a58
                                                                                                                                                                                                                                                            • Instruction ID: 279b3afa72047805d9bfa0185339afad0c498bab18aa7ef3967c5627533c7da3
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: abf481e52e813f0dca3eb466aa97f9d9dd53a361f49d6000be75c97788c25a58
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8A51C231A601179BCF24DF68C8449BEB7A5BF64760B208229F52AE72C4EB30DD60C790
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • CoInitialize.OLE32 ref: 00273774
                                                                                                                                                                                                                                                            • CoUninitialize.OLE32 ref: 0027377F
                                                                                                                                                                                                                                                            • CoCreateInstance.OLE32(?,00000000,00000017,0028FB78,?), ref: 002737D9
                                                                                                                                                                                                                                                            • IIDFromString.OLE32(?,?), ref: 0027384C
                                                                                                                                                                                                                                                            • VariantInit.OLEAUT32(?), ref: 002738E4
                                                                                                                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 00273936
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
                                                                                                                                                                                                                                                            • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
                                                                                                                                                                                                                                                            • API String ID: 636576611-1287834457
                                                                                                                                                                                                                                                            • Opcode ID: e563c26c117644b75051cd7db242cbea7df4367659163a92dde3a037c9cd6159
                                                                                                                                                                                                                                                            • Instruction ID: 60e0fe1f39b6ba6958ead047c6b8d747a7810ba69182fb03c9436e75dbe2776c
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e563c26c117644b75051cd7db242cbea7df4367659163a92dde3a037c9cd6159
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B461B170628302AFD311DF54D889F6AB7E8EF49710F108819F9899B291C770EE58DB92
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 00209BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00209BB2
                                                                                                                                                                                                                                                              • Part of subcall function 0020912D: GetCursorPos.USER32(?), ref: 00209141
                                                                                                                                                                                                                                                              • Part of subcall function 0020912D: ScreenToClient.USER32(00000000,?), ref: 0020915E
                                                                                                                                                                                                                                                              • Part of subcall function 0020912D: GetAsyncKeyState.USER32(00000001), ref: 00209183
                                                                                                                                                                                                                                                              • Part of subcall function 0020912D: GetAsyncKeyState.USER32(00000002), ref: 0020919D
                                                                                                                                                                                                                                                            • ImageList_DragLeave.COMCTL32(00000000,00000000,00000001,?,?,?,?), ref: 00288B6B
                                                                                                                                                                                                                                                            • ImageList_EndDrag.COMCTL32 ref: 00288B71
                                                                                                                                                                                                                                                            • ReleaseCapture.USER32 ref: 00288B77
                                                                                                                                                                                                                                                            • SetWindowTextW.USER32(?,00000000), ref: 00288C12
                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 00288C25
                                                                                                                                                                                                                                                            • DefDlgProcW.USER32(?,00000202,?,?,00000000,00000001,?,?,?,?), ref: 00288CFF
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: AsyncDragImageList_StateWindow$CaptureClientCursorLeaveLongMessageProcReleaseScreenSendText
                                                                                                                                                                                                                                                            • String ID: @GUI_DRAGFILE$@GUI_DROPID$p#,
                                                                                                                                                                                                                                                            • API String ID: 1924731296-1314865358
                                                                                                                                                                                                                                                            • Opcode ID: 779c77a042e4b5c4f0c65e29b064c277394b382f34a868108c66ef8edd996954
                                                                                                                                                                                                                                                            • Instruction ID: 74462a0043d6be1ae88e43f30732b4c809ecf0f2a3c1390dde159699021451a5
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 779c77a042e4b5c4f0c65e29b064c277394b382f34a868108c66ef8edd996954
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D551DD74115304AFD704EF24EC5AFAA77E4FB88710F50062DF956A72E2CB70A924CB62
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • LoadStringW.USER32(00000066,?,00000FFF,?), ref: 002633CF
                                                                                                                                                                                                                                                              • Part of subcall function 001F9CB3: _wcslen.LIBCMT ref: 001F9CBD
                                                                                                                                                                                                                                                            • LoadStringW.USER32(00000072,?,00000FFF,?), ref: 002633F0
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: LoadString$_wcslen
                                                                                                                                                                                                                                                            • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Incorrect parameters to object property !$Line %d (File "%s"):$^ ERROR
                                                                                                                                                                                                                                                            • API String ID: 4099089115-3080491070
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
• Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
• Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: _wcslen$BuffCharUpper
                                                                                                                                                                                                                                                            • String ID: APPEND$EXISTS$KEYS$REMOVE
                                                                                                                                                                                                                                                            • API String ID: 1256254125-769500911
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • SetErrorMode.KERNEL32(00000001), ref: 002653A0
                                                                                                                                                                                                                                                            • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 00265416
                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00265420
                                                                                                                                                                                                                                                            • SetErrorMode.KERNEL32(00000000,READY), ref: 002654A7
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Error$Mode$DiskFreeLastSpace
                                                                                                                                                                                                                                                            • String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
                                                                                                                                                                                                                                                            • API String ID: 4194297153-14809454
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • CreateMenu.USER32 ref: 00283C79
                                                                                                                                                                                                                                                            • SetMenu.USER32(?,00000000), ref: 00283C88
                                                                                                                                                                                                                                                            • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00283D10
                                                                                                                                                                                                                                                            • IsMenu.USER32(?), ref: 00283D24
                                                                                                                                                                                                                                                            • CreatePopupMenu.USER32 ref: 00283D2E
                                                                                                                                                                                                                                                            • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00283D5B
                                                                                                                                                                                                                                                            • DrawMenuBar.USER32 ref: 00283D63
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Menu$CreateItem$DrawInfoInsertPopup
                                                                                                                                                                                                                                                            • String ID: 0$F
                                                                                                                                                                                                                                                            • API String ID: 161812096-3044882817
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00283A9D
                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00283AA0
                                                                                                                                                                                                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 00283AC7
                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00283AEA
                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00283B62
                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001074,00000000,00000007), ref: 00283BAC
                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001057,00000000,00000000), ref: 00283BC7
                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000101D,00001004,00000000), ref: 00283BE2
                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000101E,00001004,00000000), ref: 00283BF6
                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001008,00000000,00000007), ref: 00283C13
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: MessageSend$LongWindow
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 312131281-0
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 0025B151
                                                                                                                                                                                                                                                            • GetForegroundWindow.USER32(00000000,?,?,?,?,?,0025A1E1,?,00000001), ref: 0025B165
                                                                                                                                                                                                                                                            • GetWindowThreadProcessId.USER32(00000000), ref: 0025B16C
                                                                                                                                                                                                                                                            • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,0025A1E1,?,00000001), ref: 0025B17B
                                                                                                                                                                                                                                                            • GetWindowThreadProcessId.USER32(?,00000000), ref: 0025B18D
                                                                                                                                                                                                                                                            • AttachThreadInput.USER32(?,00000000,00000001,?,?,?,?,?,0025A1E1,?,00000001), ref: 0025B1A6
                                                                                                                                                                                                                                                            • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,0025A1E1,?,00000001), ref: 0025B1B8
                                                                                                                                                                                                                                                            • AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,0025A1E1,?,00000001), ref: 0025B1FD
                                                                                                                                                                                                                                                            • AttachThreadInput.USER32(?,?,00000000,?,?,?,?,?,0025A1E1,?,00000001), ref: 0025B212
                                                                                                                                                                                                                                                            • AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,0025A1E1,?,00000001), ref: 0025B21D
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Thread$AttachInput$Window$Process$CurrentForeground
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 2156557900-0
                                                                                                                                                                                                                                                            • Opcode ID: 125158795b3afa6dfa36bd452b9b9a1f044fe4db9398c43c1a0f4ef2d9afa0df
                                                                                                                                                                                                                                                            • Instruction ID: 5ebe05b62fe7f9e467932ee80b4e40cb1f5219e29440688f114576f74372d8f6
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 125158795b3afa6dfa36bd452b9b9a1f044fe4db9398c43c1a0f4ef2d9afa0df
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6731897A520605AFDB12DF24FC4CFAD7BA9BB51312F208425FE05D6190D7B49A448FB8
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00222C94
                                                                                                                                                                                                                                                              • Part of subcall function 002229C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0022D7D1,00000000,00000000,00000000,00000000,?,0022D7F8,00000000,00000007,00000000,?,0022DBF5,00000000), ref: 002229DE
                                                                                                                                                                                                                                                              • Part of subcall function 002229C8: GetLastError.KERNEL32(00000000,?,0022D7D1,00000000,00000000,00000000,00000000,?,0022D7F8,00000000,00000007,00000000,?,0022DBF5,00000000,00000000), ref: 002229F0
                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00222CA0
                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00222CAB
                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00222CB6
                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00222CC1
                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00222CCC
                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00222CD7
                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00222CE2
                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00222CED
                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00222CFB
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 776569668-0
                                                                                                                                                                                                                                                            • Opcode ID: 5d9d4575f67b65ed3afc7a01076abbeae6aaf2389807eccde1d03cac4ffb0a19
                                                                                                                                                                                                                                                            • Instruction ID: 3ecb5ea8f6d7910e97437db4a2fc26372740a4177761e98a9bc9e2b99f445b05
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5d9d4575f67b65ed3afc7a01076abbeae6aaf2389807eccde1d03cac4ffb0a19
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DC119676120118FFCB02EF94E842DDD3BA5FF09350F9154A5F9485B222D632EAA49F90
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00267FAD
                                                                                                                                                                                                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 00267FC1
                                                                                                                                                                                                                                                            • GetFileAttributesW.KERNEL32(?), ref: 00267FEB
                                                                                                                                                                                                                                                            • SetFileAttributesW.KERNEL32(?,00000000), ref: 00268005
                                                                                                                                                                                                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 00268017
                                                                                                                                                                                                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 00268060
                                                                                                                                                                                                                                                            • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 002680B0
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CurrentDirectory$AttributesFile
                                                                                                                                                                                                                                                            • String ID: *.*
                                                                                                                                                                                                                                                            • API String ID: 769691225-438819550
                                                                                                                                                                                                                                                            • Opcode ID: 2ccc227445b6a5b3dc689e97abad90545f7c9b0676e11df826c6701f38da1b33
                                                                                                                                                                                                                                                            • Instruction ID: cd55cdfce35d27f4d857fdc4f9648d6084bb047656f829bb2903f69678ac530a
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2ccc227445b6a5b3dc689e97abad90545f7c9b0676e11df826c6701f38da1b33
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B381D2715283069BCB20EF14D4449BAB3E8BF98314F144C6EF885C7250EB76DD99CB92
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • SetWindowLongW.USER32(?,000000EB), ref: 001F5C7A
                                                                                                                                                                                                                                                              • Part of subcall function 001F5D0A: GetClientRect.USER32(?,?), ref: 001F5D30
                                                                                                                                                                                                                                                              • Part of subcall function 001F5D0A: GetWindowRect.USER32(?,?), ref: 001F5D71
                                                                                                                                                                                                                                                              • Part of subcall function 001F5D0A: ScreenToClient.USER32(?,?), ref: 001F5D99
                                                                                                                                                                                                                                                            • GetDC.USER32 ref: 002346F5
                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00234708
                                                                                                                                                                                                                                                            • SelectObject.GDI32(00000000,00000000), ref: 00234716
                                                                                                                                                                                                                                                            • SelectObject.GDI32(00000000,00000000), ref: 0023472B
                                                                                                                                                                                                                                                            • ReleaseDC.USER32(?,00000000), ref: 00234733
                                                                                                                                                                                                                                                            • MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 002347C4
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
                                                                                                                                                                                                                                                            • String ID: U
                                                                                                                                                                                                                                                            • API String ID: 4009187628-3372436214
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 002635E4
                                                                                                                                                                                                                                                              • Part of subcall function 001F9CB3: _wcslen.LIBCMT ref: 001F9CBD
                                                                                                                                                                                                                                                            • LoadStringW.USER32(002C2390,?,00000FFF,?), ref: 0026360A
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
• Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: LoadString$_wcslen
                                                                                                                                                                                                                                                            • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                                                                                                                                                                                                                                            • API String ID: 4099089115-2391861430
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 0026C272
                                                                                                                                                                                                                                                            • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0026C29A
                                                                                                                                                                                                                                                            • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 0026C2CA
                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 0026C322
                                                                                                                                                                                                                                                            • SetEvent.KERNEL32(?), ref: 0026C336
                                                                                                                                                                                                                                                            • InternetCloseHandle.WININET(00000000), ref: 0026C341
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3113390036-3916222277
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,00233AAF,?,?,Bad directive syntax error,0028CC08,00000000,00000010,?,?,>>>AUTOIT SCRIPT<<<), ref: 002598BC
                                                                                                                                                                                                                                                            • LoadStringW.USER32(00000000,?,00233AAF,?), ref: 002598C3
                                                                                                                                                                                                                                                              • Part of subcall function 001F9CB3: _wcslen.LIBCMT ref: 001F9CBD
                                                                                                                                                                                                                                                            • MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 00259987
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: HandleLoadMessageModuleString_wcslen
                                                                                                                                                                                                                                                            • String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
                                                                                                                                                                                                                                                            • API String ID: 858772685-4153970271
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetParent.USER32 ref: 002520AB
                                                                                                                                                                                                                                                            • GetClassNameW.USER32(00000000,?,00000100), ref: 002520C0
                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 0025214D
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: ClassMessageNameParentSend
                                                                                                                                                                                                                                                            • String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
                                                                                                                                                                                                                                                            • API String ID: 1290815626-3381328864
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: _free$EnvironmentVariable___from_strstr_to_strchr
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 1282221369-0
                                                                                                                                                                                                                                                            • Opcode ID: a47f3fc3eef0cacfce9e0a1caf3f21ad525e74e3c5ec2b3b8b998a110b34ba3d
                                                                                                                                                                                                                                                            • Instruction ID: 07376be28c9e2e2ce8ec4f189f563476add5730432fc03127bcec35cb9cd81e5
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a47f3fc3eef0cacfce9e0a1caf3f21ad525e74e3c5ec2b3b8b998a110b34ba3d
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D8615771924322FFDB21AFF4BD85A6D7BA5EF05310F24026EF80597291E6729D608B90
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00002001,00000000,00000000), ref: 00285186
                                                                                                                                                                                                                                                            • ShowWindow.USER32(?,00000000), ref: 002851C7
                                                                                                                                                                                                                                                            • ShowWindow.USER32(?,00000005,?,00000000), ref: 002851CD
                                                                                                                                                                                                                                                            • SetFocus.USER32(?,?,00000005,?,00000000), ref: 002851D1
                                                                                                                                                                                                                                                              • Part of subcall function 00286FBA: DeleteObject.GDI32(00000000), ref: 00286FE6
                                                                                                                                                                                                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 0028520D
                                                                                                                                                                                                                                                            • SetWindowLongW.USER32(?,000000F0,00000000), ref: 0028521A
                                                                                                                                                                                                                                                            • InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 0028524D
                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001001,00000000,000000FE), ref: 00285287
                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001026,00000000,000000FE), ref: 00285296
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Window$MessageSend$LongShow$DeleteFocusInvalidateObjectRect
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3210457359-0
                                                                                                                                                                                                                                                            • Opcode ID: c1b3a5f3b782cbd31562b42e5af33e2f5341f32c9022df57cb3334daab3cd4f6
                                                                                                                                                                                                                                                            • Instruction ID: f44c4ece9431768f671bfaa0f935beb20ba81527375ea312fbefede844397069
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c1b3a5f3b782cbd31562b42e5af33e2f5341f32c9022df57cb3334daab3cd4f6
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2851C338A72A29FEEF20AF24CC4DBD87B65BB05321F144011F919962E1CB7599B0DF50
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • LoadImageW.USER32(00000000,?,?,00000010,00000010,00000010), ref: 00246890
                                                                                                                                                                                                                                                            • ExtractIconExW.SHELL32(?,?,00000000,00000000,00000001), ref: 002468A9
                                                                                                                                                                                                                                                            • LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 002468B9
                                                                                                                                                                                                                                                            • ExtractIconExW.SHELL32(?,?,?,00000000,00000001), ref: 002468D1
                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 002468F2
                                                                                                                                                                                                                                                            • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00208874,00000000,00000000,00000000,000000FF,00000000), ref: 00246901
                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 0024691E
                                                                                                                                                                                                                                                            • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00208874,00000000,00000000,00000000,000000FF,00000000), ref: 0024692D
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Icon$DestroyExtractImageLoadMessageSend
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 1268354404-0
                                                                                                                                                                                                                                                            • Opcode ID: 90b241c14ad89eafb7e9847d3dbe7e9b81dac5c7fb2508a2aaec4a70eef4e77d
                                                                                                                                                                                                                                                            • Instruction ID: 0b75da1b32696276100a43b0590f1bdbab5e72b29f2d2ac9bc7d3a5a147af984
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 90b241c14ad89eafb7e9847d3dbe7e9b81dac5c7fb2508a2aaec4a70eef4e77d
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1151887062030AEFDB24CF24DC59FAA7BB5EB59354F204518F942D62E1DBB0E9A0DB50
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 0026C182
                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 0026C195
                                                                                                                                                                                                                                                            • SetEvent.KERNEL32(?), ref: 0026C1A9
                                                                                                                                                                                                                                                              • Part of subcall function 0026C253: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 0026C272
                                                                                                                                                                                                                                                              • Part of subcall function 0026C253: GetLastError.KERNEL32 ref: 0026C322
                                                                                                                                                                                                                                                              • Part of subcall function 0026C253: SetEvent.KERNEL32(?), ref: 0026C336
                                                                                                                                                                                                                                                              • Part of subcall function 0026C253: InternetCloseHandle.WININET(00000000), ref: 0026C341
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Internet$ErrorEventLast$CloseConnectHandleOpen
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 337547030-0
                                                                                                                                                                                                                                                            • Opcode ID: 7e7cda802d090d36007f4b10cb888ebbc7548eb6008daa059248e2cf06022986
                                                                                                                                                                                                                                                            • Instruction ID: e339fa837b7a0cd4bdf80ab594feded10f7f5be132e2b0c99519149b629ac87f
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7e7cda802d090d36007f4b10cb888ebbc7548eb6008daa059248e2cf06022986
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 06318175111605AFDB21AFA5EC58A77BBF8FF58300B24841EFD9A82610D731E8649F60
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 00253A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00253A57
                                                                                                                                                                                                                                                              • Part of subcall function 00253A3D: GetCurrentThreadId.KERNEL32 ref: 00253A5E
                                                                                                                                                                                                                                                              • Part of subcall function 00253A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,002525B3), ref: 00253A65
                                                                                                                                                                                                                                                            • MapVirtualKeyW.USER32(00000025,00000000), ref: 002525BD
                                                                                                                                                                                                                                                            • PostMessageW.USER32(?,00000100,00000025,00000000), ref: 002525DB
                                                                                                                                                                                                                                                            • Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 002525DF
                                                                                                                                                                                                                                                            • MapVirtualKeyW.USER32(00000025,00000000), ref: 002525E9
                                                                                                                                                                                                                                                            • PostMessageW.USER32(?,00000100,00000027,00000000), ref: 00252601
                                                                                                                                                                                                                                                            • Sleep.KERNEL32(00000000,?,00000100,00000027,00000000), ref: 00252605
                                                                                                                                                                                                                                                            • MapVirtualKeyW.USER32(00000025,00000000), ref: 0025260F
                                                                                                                                                                                                                                                            • PostMessageW.USER32(?,00000101,00000027,00000000), ref: 00252623
                                                                                                                                                                                                                                                            • Sleep.KERNEL32(00000000,?,00000101,00000027,00000000,?,00000100,00000027,00000000), ref: 00252627
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 2014098862-0
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,0000000C,?,00000000,?,00251449,?,?,00000000), ref: 0025180C
                                                                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000,?,00251449,?,?,00000000), ref: 00251813
                                                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00251449,?,?,00000000), ref: 00251828
                                                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(?,00000000,?,00251449,?,?,00000000), ref: 00251830
                                                                                                                                                                                                                                                            • DuplicateHandle.KERNEL32(00000000,?,00251449,?,?,00000000), ref: 00251833
                                                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00251449,?,?,00000000), ref: 00251843
                                                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(00251449,00000000,?,00251449,?,?,00000000), ref: 0025184B
                                                                                                                                                                                                                                                            • DuplicateHandle.KERNEL32(00000000,?,00251449,?,?,00000000), ref: 0025184E
                                                                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,00251874,00000000,00000000,00000000), ref: 00251868
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 1957940570-0
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: __alldvrm$_strrchr
                                                                                                                                                                                                                                                            • String ID: }}!$}}!$}}!
                                                                                                                                                                                                                                                            • API String ID: 1036877536-3591579571
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 0025D4DC: CreateToolhelp32Snapshot.KERNEL32 ref: 0025D501
                                                                                                                                                                                                                                                              • Part of subcall function 0025D4DC: Process32FirstW.KERNEL32(00000000,?), ref: 0025D50F
                                                                                                                                                                                                                                                              • Part of subcall function 0025D4DC: CloseHandle.KERNELBASE(00000000), ref: 0025D5DC
                                                                                                                                                                                                                                                            • OpenProcess.KERNEL32(00000001,00000000,?), ref: 0027A16D
                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 0027A180
                                                                                                                                                                                                                                                            • OpenProcess.KERNEL32(00000001,00000000,?), ref: 0027A1B3
                                                                                                                                                                                                                                                            • TerminateProcess.KERNEL32(00000000,00000000), ref: 0027A268
                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(00000000), ref: 0027A273
                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 0027A2C4
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
                                                                                                                                                                                                                                                            • String ID: SeDebugPrivilege
                                                                                                                                                                                                                                                            • API String ID: 2533919879-2896544425
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 00283925
                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00001036,00000000,?), ref: 0028393A
                                                                                                                                                                                                                                                            • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 00283954
                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00283999
                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001057,00000000,?), ref: 002839C6
                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001061,?,0000000F), ref: 002839F4
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
• Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: MessageSend$Window_wcslen
                                                                                                                                                                                                                                                            • String ID: SysListView32
                                                                                                                                                                                                                                                            • API String ID: 2147712094-78025650
                                                                                                                                                                                                                                                            • Opcode ID: e778a1066167348aaded1d78a66a7b2c5a5172e0d0eb9acc079b10d61140f77e
                                                                                                                                                                                                                                                            • Instruction ID: a43a7c4a33b1087b17a5aae1c77d28cd890c4d6e0048e1e76633cbcfb5fecbab
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e778a1066167348aaded1d78a66a7b2c5a5172e0d0eb9acc079b10d61140f77e
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5F41D335A11219ABEF21EF64CC49FEA77A9EF48750F100526F948E72C1D7709AA0CB90
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 0025BCFD
                                                                                                                                                                                                                                                            • IsMenu.USER32(00000000), ref: 0025BD1D
                                                                                                                                                                                                                                                            • CreatePopupMenu.USER32 ref: 0025BD53
                                                                                                                                                                                                                                                            • GetMenuItemCount.USER32(01856090), ref: 0025BDA4
                                                                                                                                                                                                                                                            • InsertMenuItemW.USER32(01856090,?,00000001,00000030), ref: 0025BDCC
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Menu$Item$CountCreateInfoInsertPopup
                                                                                                                                                                                                                                                            • String ID: 0$2
                                                                                                                                                                                                                                                            • API String ID: 93392585-3793063076
                                                                                                                                                                                                                                                            • Opcode ID: d142e574cc5265a2edc148293bcb8f2e8e4fd5e6d1500f6c078a531800e79450
                                                                                                                                                                                                                                                            • Instruction ID: e70686926de5b331ba158164c5e62f94f9882dcbc430254fb9e0fab72b5dbc6a
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d142e574cc5265a2edc148293bcb8f2e8e4fd5e6d1500f6c078a531800e79450
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AF51E3706122069BDF12CFA8D888BADBBF4BF45316F244159FC01E7290D7749968CB69
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • _ValidateLocalCookies.LIBCMT ref: 00212D4B
                                                                                                                                                                                                                                                            • ___except_validate_context_record.LIBVCRUNTIME ref: 00212D53
                                                                                                                                                                                                                                                            • _ValidateLocalCookies.LIBCMT ref: 00212DE1
                                                                                                                                                                                                                                                            • __IsNonwritableInCurrentImage.LIBCMT ref: 00212E0C
                                                                                                                                                                                                                                                            • _ValidateLocalCookies.LIBCMT ref: 00212E61
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                                                                                                            • String ID: &H!$csm
                                                                                                                                                                                                                                                            • API String ID: 1170836740-1203824471
                                                                                                                                                                                                                                                            • Opcode ID: 81a18ef58968da3c28ee4e8f20ffc96d1cf7537cf1e4a26bea05d3b7c8c19f9d
                                                                                                                                                                                                                                                            • Instruction ID: 2692d57b5f9b39e8e0c8d20b199e1db69af310a6c7e3b0693714407734292007
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 81a18ef58968da3c28ee4e8f20ffc96d1cf7537cf1e4a26bea05d3b7c8c19f9d
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 03419034A20209EBCF10DF68D845ADEBBE5BF55324F148155F814AB392D731AAB9CF90
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • LoadIconW.USER32(00000000,00007F03), ref: 0025C913
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: IconLoad
                                                                                                                                                                                                                                                            • String ID: blank$info$question$stop$warning
                                                                                                                                                                                                                                                            • API String ID: 2457776203-404129466
                                                                                                                                                                                                                                                            • Opcode ID: 75b7c043576db526789365b4513e2a8885d89dcc62ade56b15f0bf6cec52164a
                                                                                                                                                                                                                                                            • Instruction ID: dc29da436d941e206b80eae79212b67c6d71521847b52e1608ec5a37964a3e36
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 75b7c043576db526789365b4513e2a8885d89dcc62ade56b15f0bf6cec52164a
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 18115B326B9307BEA7016B10DC86CFAA3DCCF15756B30002AFD04A62C2FBB45D64566C
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CleanupStartup_strcatgethostbynamegethostnameinet_ntoa
                                                                                                                                                                                                                                                            • String ID: 0.0.0.0
                                                                                                                                                                                                                                                            • API String ID: 642191829-3771769585
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: _wcslen$LocalTime
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 952045576-0
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,0024682C,00000004,00000000,00000000), ref: 0020F953
                                                                                                                                                                                                                                                            • ShowWindow.USER32(FFFFFFFF,00000006,?,00000000,?,0024682C,00000004,00000000,00000000), ref: 0024F3D1
                                                                                                                                                                                                                                                            • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,0024682C,00000004,00000000,00000000), ref: 0024F454
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: ShowWindow
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 1268545403-0
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • DeleteObject.GDI32(00000000), ref: 00282D1B
                                                                                                                                                                                                                                                            • GetDC.USER32(00000000), ref: 00282D23
                                                                                                                                                                                                                                                            • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00282D2E
                                                                                                                                                                                                                                                            • ReleaseDC.USER32(00000000,00000000), ref: 00282D3A
                                                                                                                                                                                                                                                            • CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 00282D76
                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00282D87
                                                                                                                                                                                                                                                            • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,00285A65,?,?,000000FF,00000000,?,000000FF,?), ref: 00282DC2
                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00282DE1
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3864802216-0
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: _memcmp
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 2931989736-0
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID: NULL Pointer assignment$Not an Object type
                                                                                                                                                                                                                                                            • API String ID: 0-572801152
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetCPInfo.KERNEL32(00000000,00000000,?,7FFFFFFF,?,?,002317FB,00000000,00000000,?,00000000,?,?,?,?,00000000), ref: 002315CE
                                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,002317FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00231651
                                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,002317FB,?,002317FB,00000000,00000000,?,00000000,?,?,?,?), ref: 002316E4
                                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,002317FB,00000000,00000000,?,00000000,?,?,?,?), ref: 002316FB
                                                                                                                                                                                                                                                              • Part of subcall function 00223820: RtlAllocateHeap.NTDLL(00000000,?,002C1444,?,0020FDF5,?,?,001FA976,00000010,002C1440,001F13FC,?,001F13C6,?,001F1129), ref: 00223852
                                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00000000,?,002317FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00231777
                                                                                                                                                                                                                                                            • __freea.LIBCMT ref: 002317A2
                                                                                                                                                                                                                                                            • __freea.LIBCMT ref: 002317AE
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: ByteCharMultiWide$__freea$AllocateHeapInfo
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 2829977744-0
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Variant$ClearInit
                                                                                                                                                                                                                                                            • String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
                                                                                                                                                                                                                                                            • API String ID: 2610073882-625585964
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • SafeArrayGetVartype.OLEAUT32(00000001,?), ref: 0026125C
                                                                                                                                                                                                                                                            • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00261284
                                                                                                                                                                                                                                                            • SafeArrayUnaccessData.OLEAUT32(00000001), ref: 002612A8
                                                                                                                                                                                                                                                            • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 002612D8
                                                                                                                                                                                                                                                            • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 0026135F
                                                                                                                                                                                                                                                            • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 002613C4
                                                                                                                                                                                                                                                            • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00261430
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: ArraySafe$Data$Access$UnaccessVartype
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 2550207440-0
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: ObjectSelect$BeginCreatePath
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3225163088-0
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • VariantInit.OLEAUT32(?), ref: 0027396B
                                                                                                                                                                                                                                                            • CharUpperBuffW.USER32(?,?), ref: 00273A7A
                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00273A8A
                                                                                                                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 00273C1F
                                                                                                                                                                                                                                                              • Part of subcall function 00260CDF: VariantInit.OLEAUT32(00000000), ref: 00260D1F
                                                                                                                                                                                                                                                              • Part of subcall function 00260CDF: VariantCopy.OLEAUT32(?,?), ref: 00260D28
                                                                                                                                                                                                                                                              • Part of subcall function 00260CDF: VariantClear.OLEAUT32(?), ref: 00260D34
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Variant$ClearInit$BuffCharCopyUpper_wcslen
                                                                                                                                                                                                                                                            • String ID: AUTOIT.ERROR$Incorrect Parameter format
                                                                                                                                                                                                                                                            • API String ID: 4137639002-1221869570
                                                                                                                                                                                                                                                            • Opcode ID: 2ed62e2ba1b25961d272fa7dcc940980eee9694e78c09ec8ce21e9bcc9a996e2
                                                                                                                                                                                                                                                            • Instruction ID: 520c72caa0f9cd84335cd437cb994dd0e85983e10cc4195645a503a4be65e825
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2ed62e2ba1b25961d272fa7dcc940980eee9694e78c09ec8ce21e9bcc9a996e2
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4A9154756283059FC704EF24C48196AB7E4FF89314F14886EF88A9B351DB30EE55DB92
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 0025000E: CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,0024FF41,80070057,?,?,?,0025035E), ref: 0025002B
                                                                                                                                                                                                                                                              • Part of subcall function 0025000E: ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0024FF41,80070057,?,?), ref: 00250046
                                                                                                                                                                                                                                                              • Part of subcall function 0025000E: lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0024FF41,80070057,?,?), ref: 00250054
                                                                                                                                                                                                                                                              • Part of subcall function 0025000E: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0024FF41,80070057,?), ref: 00250064
                                                                                                                                                                                                                                                            • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,00000001,?,?), ref: 00274C51
                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00274D59
                                                                                                                                                                                                                                                            • CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 00274DCF
                                                                                                                                                                                                                                                            • CoTaskMemFree.OLE32(?), ref: 00274DDA
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: FreeFromProgTask$CreateInitializeInstanceSecurity_wcslenlstrcmpi
                                                                                                                                                                                                                                                            • String ID: NULL Pointer assignment
                                                                                                                                                                                                                                                            • API String ID: 614568839-2785691316
                                                                                                                                                                                                                                                            • Opcode ID: aea07ccf78d0b4fda2798428ed2f6f847578d853cf0716c31cbdcda18d5b91fd
                                                                                                                                                                                                                                                            • Instruction ID: e64db55638734d4e17f97ca2fa3befd47116283d1a84ccf8662248036b4fda6c
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: aea07ccf78d0b4fda2798428ed2f6f847578d853cf0716c31cbdcda18d5b91fd
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 03913971D1021D9FDF14EFA4D881AEEB7B8FF08314F10816AE919A7241DB709A54CF60
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetMenu.USER32(?), ref: 00282183
                                                                                                                                                                                                                                                            • GetMenuItemCount.USER32(00000000), ref: 002821B5
                                                                                                                                                                                                                                                            • GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 002821DD
                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00282213
                                                                                                                                                                                                                                                            • GetMenuItemID.USER32(?,?), ref: 0028224D
                                                                                                                                                                                                                                                            • GetSubMenu.USER32(?,?), ref: 0028225B
                                                                                                                                                                                                                                                              • Part of subcall function 00253A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00253A57
                                                                                                                                                                                                                                                              • Part of subcall function 00253A3D: GetCurrentThreadId.KERNEL32 ref: 00253A5E
                                                                                                                                                                                                                                                              • Part of subcall function 00253A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,002525B3), ref: 00253A65
                                                                                                                                                                                                                                                            • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 002822E3
                                                                                                                                                                                                                                                              • Part of subcall function 0025E97B: Sleep.KERNEL32 ref: 0025E9F3
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Menu$Thread$Item$AttachCountCurrentInputMessagePostProcessSleepStringWindow_wcslen
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 4196846111-0
                                                                                                                                                                                                                                                            • Opcode ID: 0cf4290c066f3e06e9fbf87880d738ac38f5e580c8e33e6b761425859da2bd1c
                                                                                                                                                                                                                                                            • Instruction ID: 79db813120a1ea6c72cd7851e1d5670828fa891f4b450e9c9cafe0cc2dd511ea
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0cf4290c066f3e06e9fbf87880d738ac38f5e580c8e33e6b761425859da2bd1c
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9971B139A10205EFCB10EF64C845AAEB7F5EF48310F108459E916EB385D734ED558F90
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • IsWindow.USER32(018561A8), ref: 00287F37
                                                                                                                                                                                                                                                            • IsWindowEnabled.USER32(018561A8), ref: 00287F43
                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,0000041C,00000000,00000000), ref: 0028801E
                                                                                                                                                                                                                                                            • SendMessageW.USER32(018561A8,000000B0,?,?), ref: 00288051
                                                                                                                                                                                                                                                            • IsDlgButtonChecked.USER32(?,?), ref: 00288089
                                                                                                                                                                                                                                                            • GetWindowLongW.USER32(018561A8,000000EC), ref: 002880AB
                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 002880C3
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: MessageSendWindow$ButtonCheckedEnabledLong
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 4072528602-0
                                                                                                                                                                                                                                                            • Opcode ID: 437690c45cf15455206a25b827854193a92db4e2036999c1e004110cfdc17465
                                                                                                                                                                                                                                                            • Instruction ID: 8dfb48f6c6a75ba52ebbdd7f7749c4098849a664277c5c4ee882f94135754f86
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 437690c45cf15455206a25b827854193a92db4e2036999c1e004110cfdc17465
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0771A23C62A205AFEB25AF55CC84FAA7BB5EF19300F240059FA45576E1CB31E864DB20
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetParent.USER32(?), ref: 0025AEF9
                                                                                                                                                                                                                                                            • GetKeyboardState.USER32(?), ref: 0025AF0E
                                                                                                                                                                                                                                                            • SetKeyboardState.USER32(?), ref: 0025AF6F
                                                                                                                                                                                                                                                            • PostMessageW.USER32(?,00000101,00000010,?), ref: 0025AF9D
                                                                                                                                                                                                                                                            • PostMessageW.USER32(?,00000101,00000011,?), ref: 0025AFBC
                                                                                                                                                                                                                                                            • PostMessageW.USER32(?,00000101,00000012,?), ref: 0025AFFD
                                                                                                                                                                                                                                                            • PostMessageW.USER32(?,00000101,0000005B,?), ref: 0025B020
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: MessagePost$KeyboardState$Parent
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 87235514-0
                                                                                                                                                                                                                                                            • Opcode ID: 60b35027106fcefe9b17d014664d9a2cfcc1aa64f803458021618986bcc7323d
                                                                                                                                                                                                                                                            • Instruction ID: f17aa86cc13c5610d29ff653ba2282c78739a6c9d981323459f0dce60f19917c
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 60b35027106fcefe9b17d014664d9a2cfcc1aa64f803458021618986bcc7323d
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F15106A09243D23DFB3746348C06BBABE995B06305F088589E9D9458C2D3F9DCECD765
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetParent.USER32(00000000), ref: 0025AD19
                                                                                                                                                                                                                                                            • GetKeyboardState.USER32(?), ref: 0025AD2E
                                                                                                                                                                                                                                                            • SetKeyboardState.USER32(?), ref: 0025AD8F
                                                                                                                                                                                                                                                            • PostMessageW.USER32(00000000,00000100,00000010,?), ref: 0025ADBB
                                                                                                                                                                                                                                                            • PostMessageW.USER32(00000000,00000100,00000011,?), ref: 0025ADD8
                                                                                                                                                                                                                                                            • PostMessageW.USER32(00000000,00000100,00000012,?), ref: 0025AE17
                                                                                                                                                                                                                                                            • PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 0025AE38
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: MessagePost$KeyboardState$Parent
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 87235514-0
                                                                                                                                                                                                                                                            • Opcode ID: 4ac0ab226695d32f89555f7e103853b629b9144d173a76fd39a1273534f7343b
                                                                                                                                                                                                                                                            • Instruction ID: d3fd3780d0edb5f737e1594467c961a6e1067a71eedbcf7c65193bdc892aefc2
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4ac0ab226695d32f89555f7e103853b629b9144d173a76fd39a1273534f7343b
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 58516CA05253D23DF73347348C47B7ABEA86B05302F088658E8D5468C2D3B4ECACD766
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetConsoleCP.KERNEL32(00233CD6,?,?,?,?,?,?,?,?,00225BA3,?,?,00233CD6,?,?), ref: 00225470
                                                                                                                                                                                                                                                            • __fassign.LIBCMT ref: 002254EB
                                                                                                                                                                                                                                                            • __fassign.LIBCMT ref: 00225506
                                                                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,00233CD6,00000005,00000000,00000000), ref: 0022552C
                                                                                                                                                                                                                                                            • WriteFile.KERNEL32(?,00233CD6,00000000,00225BA3,00000000,?,?,?,?,?,?,?,?,?,00225BA3,?), ref: 0022554B
                                                                                                                                                                                                                                                            • WriteFile.KERNEL32(?,?,00000001,00225BA3,00000000,?,?,?,?,?,?,?,?,?,00225BA3,?), ref: 00225584
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 1324828854-0
                                                                                                                                                                                                                                                            • Opcode ID: 7359e5b5f08e1bacf2d9fb0cee7e0f1168c61d0f3c5fb258e3f65b94aadb7b72
                                                                                                                                                                                                                                                            • Instruction ID: 7410915ebfd0bb73f53ca18d531be6fb9c9086b8fd19a57ab80df125a12e914f
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7359e5b5f08e1bacf2d9fb0cee7e0f1168c61d0f3c5fb258e3f65b94aadb7b72
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6451F570910669AFDB10CFE8E885BEEBBF9EF08300F14811AF555E3291D7309A61CB60
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 0027304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 0027307A
                                                                                                                                                                                                                                                              • Part of subcall function 0027304E: _wcslen.LIBCMT ref: 0027309B
                                                                                                                                                                                                                                                            • socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 00271112
                                                                                                                                                                                                                                                            • WSAGetLastError.WSOCK32 ref: 00271121
                                                                                                                                                                                                                                                            • WSAGetLastError.WSOCK32 ref: 002711C9
                                                                                                                                                                                                                                                            • closesocket.WSOCK32(00000000), ref: 002711F9
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: ErrorLast$_wcslenclosesocketinet_addrsocket
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 2675159561-0
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 0025DDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,0025CF22,?), ref: 0025DDFD
                                                                                                                                                                                                                                                              • Part of subcall function 0025DDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,0025CF22,?), ref: 0025DE16
                                                                                                                                                                                                                                                            • lstrcmpiW.KERNEL32(?,?), ref: 0025CF45
                                                                                                                                                                                                                                                            • MoveFileW.KERNEL32(?,?), ref: 0025CF7F
                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 0025D005
                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 0025D01B
                                                                                                                                                                                                                                                            • SHFileOperationW.SHELL32(?), ref: 0025D061
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: FileFullNamePath_wcslen$MoveOperationlstrcmpi
                                                                                                                                                                                                                                                            • String ID: \*.*
                                                                                                                                                                                                                                                            • API String ID: 3164238972-1173974218
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00282E1C
                                                                                                                                                                                                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 00282E4F
                                                                                                                                                                                                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 00282E84
                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 00282EB6
                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 00282EE0
                                                                                                                                                                                                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 00282EF1
                                                                                                                                                                                                                                                            • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00282F0B
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: LongWindow$MessageSend
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 2178440468-0
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00257769
                                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 0025778F
                                                                                                                                                                                                                                                            • SysAllocString.OLEAUT32(00000000), ref: 00257792
                                                                                                                                                                                                                                                            • SysAllocString.OLEAUT32(?), ref: 002577B0
                                                                                                                                                                                                                                                            • SysFreeString.OLEAUT32(?), ref: 002577B9
                                                                                                                                                                                                                                                            • StringFromGUID2.OLE32(?,?,00000028), ref: 002577DE
                                                                                                                                                                                                                                                            • SysAllocString.OLEAUT32(?), ref: 002577EC
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3761583154-0
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00257842
                                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00257868
                                                                                                                                                                                                                                                            • SysAllocString.OLEAUT32(00000000), ref: 0025786B
                                                                                                                                                                                                                                                            • SysAllocString.OLEAUT32 ref: 0025788C
                                                                                                                                                                                                                                                            • SysFreeString.OLEAUT32 ref: 00257895
                                                                                                                                                                                                                                                            • StringFromGUID2.OLE32(?,?,00000028), ref: 002578AF
                                                                                                                                                                                                                                                            • SysAllocString.OLEAUT32(?), ref: 002578BD
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3761583154-0
                                                                                                                                                                                                                                                            • Opcode ID: d7cde038fdb2cbc96a1e1a7d05f1c07615b682de65a4c26d5ef4eaa2a6ea5a45
                                                                                                                                                                                                                                                            • Instruction ID: 24583c1d0c901a885c2d26e60bd95cceae192913d39538f83e3ccae7130fcc3a
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d7cde038fdb2cbc96a1e1a7d05f1c07615b682de65a4c26d5ef4eaa2a6ea5a45
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3521C135619215AFDB10AFA8EC8CDAA77ECEB083607108025F914CB2A1D770DC85DB78
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetStdHandle.KERNEL32(0000000C), ref: 002604F2
                                                                                                                                                                                                                                                            • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 0026052E
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CreateHandlePipe
                                                                                                                                                                                                                                                            • String ID: nul
                                                                                                                                                                                                                                                            • API String ID: 1424370930-2873401336
                                                                                                                                                                                                                                                            • Opcode ID: 25a7f6e5dbf40148168c66b6b68f2ede0e75fb8c9677d30ac344c0468bb86ba7
                                                                                                                                                                                                                                                            • Instruction ID: 990b8e0710036a53dae2e8e21406b6eeb89a82770714fc8cc87b322c97f2a4d5
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 25a7f6e5dbf40148168c66b6b68f2ede0e75fb8c9677d30ac344c0468bb86ba7
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 442174759103069FDF209F29DC88A9B77B4BF45724F604A19F8A2D72E0D77099A0EF20
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetStdHandle.KERNEL32(000000F6), ref: 002605C6
                                                                                                                                                                                                                                                            • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00260601
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CreateHandlePipe
                                                                                                                                                                                                                                                            • String ID: nul
                                                                                                                                                                                                                                                            • API String ID: 1424370930-2873401336
                                                                                                                                                                                                                                                            • Opcode ID: fd601c9284818684df8e6505aba278fcc804ea623f366061074a3e85c97fd13d
                                                                                                                                                                                                                                                            • Instruction ID: 2262721f821dfe961d41c391747e24476ff5e2b91c327b9e51834526b41174f2
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: fd601c9284818684df8e6505aba278fcc804ea623f366061074a3e85c97fd13d
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6C2156755103069BDB209F69DC84A5B77E8BF95720F300A19F8A1E72D0D7B099B0DB60
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 001F600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 001F604C
                                                                                                                                                                                                                                                              • Part of subcall function 001F600E: GetStockObject.GDI32(00000011), ref: 001F6060
                                                                                                                                                                                                                                                              • Part of subcall function 001F600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 001F606A
                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 00284112
                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 0028411F
                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 0028412A
                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000401,00000000,00640000), ref: 00284139
                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000404,00000001,00000000), ref: 00284145
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: MessageSend$CreateObjectStockWindow
                                                                                                                                                                                                                                                            • String ID: Msctls_Progress32
                                                                                                                                                                                                                                                            • API String ID: 1025951953-3636473452
                                                                                                                                                                                                                                                            • Opcode ID: e40df6efc3ab4990e4e437659a125dc87349e5e5d97fbd32eeaf27e427741665
                                                                                                                                                                                                                                                            • Instruction ID: 617718a35adc2b1735948f1e2193c7b4a37aff0f1e113f99432a254ce513aa4b
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e40df6efc3ab4990e4e437659a125dc87349e5e5d97fbd32eeaf27e427741665
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BE1190B616021ABEEF119F64CC86EE77F5DEF09798F114110BA18A2090CB729C219BA4
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 0022D7A3: _free.LIBCMT ref: 0022D7CC
                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0022D82D
                                                                                                                                                                                                                                                              • Part of subcall function 002229C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0022D7D1,00000000,00000000,00000000,00000000,?,0022D7F8,00000000,00000007,00000000,?,0022DBF5,00000000), ref: 002229DE
                                                                                                                                                                                                                                                              • Part of subcall function 002229C8: GetLastError.KERNEL32(00000000,?,0022D7D1,00000000,00000000,00000000,00000000,?,0022D7F8,00000000,00000007,00000000,?,0022DBF5,00000000,00000000), ref: 002229F0
                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0022D838
                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0022D843
                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0022D897
                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0022D8A2
                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0022D8AD
                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0022D8B8
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 776569668-0
                                                                                                                                                                                                                                                            • Opcode ID: d5e9bbcb1dbdafe4c8d3bd98f36014f41f46dc5d4a3df644b036f3c2391e0fc8
                                                                                                                                                                                                                                                            • Instruction ID: 340e7a5256a36b7668dd05b49544e0200e3a1b1c68c68aa2c120618de681e943
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d5e9bbcb1dbdafe4c8d3bd98f36014f41f46dc5d4a3df644b036f3c2391e0fc8
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BA115171560B24FAD521BFF0EC47FCBBBDC6F04700F800825B2D9A6092DA6DB5654E50
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 0025DA74
                                                                                                                                                                                                                                                            • LoadStringW.USER32(00000000), ref: 0025DA7B
                                                                                                                                                                                                                                                            • GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 0025DA91
                                                                                                                                                                                                                                                            • LoadStringW.USER32(00000000), ref: 0025DA98
                                                                                                                                                                                                                                                            • MessageBoxW.USER32(00000000,?,?,00011010), ref: 0025DADC
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            • %s (%d) : ==> %s: %s %s, xrefs: 0025DAB9
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: HandleLoadModuleString$Message
                                                                                                                                                                                                                                                            • String ID: %s (%d) : ==> %s: %s %s
                                                                                                                                                                                                                                                            • API String ID: 4072794657-3128320259
                                                                                                                                                                                                                                                            • Opcode ID: e46881607acb1e96099666d42bd6073b5ee6c9258e62fc2cc0084a4bee438605
                                                                                                                                                                                                                                                            • Instruction ID: adec69fb5362a2828c0ac24ebcb02a223af1c74d2925666ea90f1223b9222e5c
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e46881607acb1e96099666d42bd6073b5ee6c9258e62fc2cc0084a4bee438605
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 070186F69102087FE710EBA4AD8DEE7736CE708301F5004A2B746E2041E7749E844F74
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • InterlockedExchange.KERNEL32(0184E700,0184E700), ref: 0026097B
                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(0184E6E0,00000000), ref: 0026098D
                                                                                                                                                                                                                                                            • TerminateThread.KERNEL32(?,000001F6), ref: 0026099B
                                                                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(?,000003E8), ref: 002609A9
                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 002609B8
                                                                                                                                                                                                                                                            • InterlockedExchange.KERNEL32(0184E700,000001F6), ref: 002609C8
                                                                                                                                                                                                                                                            • LeaveCriticalSection.KERNEL32(0184E6E0), ref: 002609CF
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3495660284-0
                                                                                                                                                                                                                                                            • Opcode ID: 154e61b171dc491ea20fcd15a2e211741022026cb4b472f6dbb8946bcbd38ab1
                                                                                                                                                                                                                                                            • Instruction ID: 6a7c491381bf796ba7f43a2e96dd34d9c2f05fb78d01f2bd4a5e915aac374dcd
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 154e61b171dc491ea20fcd15a2e211741022026cb4b472f6dbb8946bcbd38ab1
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D4F01932443A02EBD7416FA4FE8CAD6BB29BF01712F502025F202908E5C774A875DFA0
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • __WSAFDIsSet.WSOCK32(00000000,?,00000000,00000000,?,00000064,00000000), ref: 00271DC0
                                                                                                                                                                                                                                                            • #17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 00271DE1
                                                                                                                                                                                                                                                            • WSAGetLastError.WSOCK32 ref: 00271DF2
                                                                                                                                                                                                                                                            • htons.WSOCK32(?,?,?,?,?), ref: 00271EDB
                                                                                                                                                                                                                                                            • inet_ntoa.WSOCK32(?), ref: 00271E8C
                                                                                                                                                                                                                                                              • Part of subcall function 002539E8: _strlen.LIBCMT ref: 002539F2
                                                                                                                                                                                                                                                              • Part of subcall function 00273224: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000000,?,?,?,?,0026EC0C), ref: 00273240
                                                                                                                                                                                                                                                            • _strlen.LIBCMT ref: 00271F35
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: _strlen$ByteCharErrorLastMultiWidehtonsinet_ntoa
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3203458085-0
                                                                                                                                                                                                                                                            • Opcode ID: e747974556ed0db0fe210101679774094fd50b5a5ea1b338dd8a47dc70457777
                                                                                                                                                                                                                                                            • Instruction ID: 65e02ffa56f3f293c050086e8232883c2102bfed1957a9a55c0d553536057c5e
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e747974556ed0db0fe210101679774094fd50b5a5ea1b338dd8a47dc70457777
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5DB1EF70214301AFC324DF28C895E3A7BE5AF95318F54854CF55A5B2E2CB71ED62CB92
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetClientRect.USER32(?,?), ref: 001F5D30
                                                                                                                                                                                                                                                            • GetWindowRect.USER32(?,?), ref: 001F5D71
                                                                                                                                                                                                                                                            • ScreenToClient.USER32(?,?), ref: 001F5D99
                                                                                                                                                                                                                                                            • GetClientRect.USER32(?,?), ref: 001F5ED7
                                                                                                                                                                                                                                                            • GetWindowRect.USER32(?,?), ref: 001F5EF8
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Rect$Client$Window$Screen
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 1296646539-0
                                                                                                                                                                                                                                                            • Opcode ID: 2d069785d2c58a551eb2fcd02aba1a84e8e2c7030b347d752cd5e112d16f7269
                                                                                                                                                                                                                                                            • Instruction ID: 23601733fdbf0f9d49e241ec2ccbc506d1a7eb135abfba06e76c741bb0198e1c
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2d069785d2c58a551eb2fcd02aba1a84e8e2c7030b347d752cd5e112d16f7269
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0EB16A74A1064ADBDB14DFA9C8807FAB7F2FF48310F14841AE9AAD7250DB34AA51DB50
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • __allrem.LIBCMT ref: 002200BA
                                                                                                                                                                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 002200D6
                                                                                                                                                                                                                                                            • __allrem.LIBCMT ref: 002200ED
                                                                                                                                                                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0022010B
                                                                                                                                                                                                                                                            • __allrem.LIBCMT ref: 00220122
                                                                                                                                                                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00220140
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
• Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 1992179935-0
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,002182D9,002182D9,?,?,?,0022644F,00000001,00000001,8BE85006), ref: 00226258
                                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,0022644F,00000001,00000001,8BE85006,?,?,?), ref: 002262DE
                                                                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,8BE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 002263D8
                                                                                                                                                                                                                                                            • __freea.LIBCMT ref: 002263E5
                                                                                                                                                                                                                                                              • Part of subcall function 00223820: RtlAllocateHeap.NTDLL(00000000,?,002C1444,?,0020FDF5,?,?,001FA976,00000010,002C1440,001F13FC,?,001F13C6,?,001F1129), ref: 00223852
                                                                                                                                                                                                                                                            • __freea.LIBCMT ref: 002263EE
                                                                                                                                                                                                                                                            • __freea.LIBCMT ref: 00226413
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: ByteCharMultiWide__freea$AllocateHeap
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 1414292761-0
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 001F9CB3: _wcslen.LIBCMT ref: 001F9CBD
                                                                                                                                                                                                                                                              • Part of subcall function 0027C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0027B6AE,?,?), ref: 0027C9B5
                                                                                                                                                                                                                                                              • Part of subcall function 0027C998: _wcslen.LIBCMT ref: 0027C9F1
                                                                                                                                                                                                                                                              • Part of subcall function 0027C998: _wcslen.LIBCMT ref: 0027CA68
                                                                                                                                                                                                                                                              • Part of subcall function 0027C998: _wcslen.LIBCMT ref: 0027CA9E
                                                                                                                                                                                                                                                            • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0027BCCA
                                                                                                                                                                                                                                                            • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0027BD25
                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000), ref: 0027BD6A
                                                                                                                                                                                                                                                            • RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 0027BD99
                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?,?,00000000), ref: 0027BDF3
                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 0027BDFF
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpperValue
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 1120388591-0
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • VariantInit.OLEAUT32(00000035), ref: 0024F7B9
                                                                                                                                                                                                                                                            • SysAllocString.OLEAUT32(00000001), ref: 0024F860
                                                                                                                                                                                                                                                            • VariantCopy.OLEAUT32(0024FA64,00000000), ref: 0024F889
                                                                                                                                                                                                                                                            • VariantClear.OLEAUT32(0024FA64), ref: 0024F8AD
                                                                                                                                                                                                                                                            • VariantCopy.OLEAUT32(0024FA64,00000000), ref: 0024F8B1
                                                                                                                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 0024F8BB
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Variant$ClearCopy$AllocInitString
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3859894641-0
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 001F7620: _wcslen.LIBCMT ref: 001F7625
                                                                                                                                                                                                                                                              • Part of subcall function 001F6B57: _wcslen.LIBCMT ref: 001F6B6A
                                                                                                                                                                                                                                                            • GetOpenFileNameW.COMDLG32(00000058), ref: 002694E5
                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00269506
                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 0026952D
                                                                                                                                                                                                                                                            • GetSaveFileNameW.COMDLG32(00000058), ref: 00269585
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
• Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: _wcslen$FileName$OpenSave
                                                                                                                                                                                                                                                            • String ID: X
                                                                                                                                                                                                                                                            • API String ID: 83654149-3081909835
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 00209BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00209BB2
                                                                                                                                                                                                                                                            • BeginPaint.USER32(?,?,?), ref: 00209241
                                                                                                                                                                                                                                                            • GetWindowRect.USER32(?,?), ref: 002092A5
                                                                                                                                                                                                                                                            • ScreenToClient.USER32(?,?), ref: 002092C2
                                                                                                                                                                                                                                                            • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 002092D3
                                                                                                                                                                                                                                                            • EndPaint.USER32(?,?,?,?,?), ref: 00209321
                                                                                                                                                                                                                                                            • Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 002471EA
                                                                                                                                                                                                                                                              • Part of subcall function 00209339: BeginPath.GDI32(00000000), ref: 00209357
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: BeginPaintWindow$ClientLongPathRectRectangleScreenViewport
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3050599898-0
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • InterlockedExchange.KERNEL32(?,000001F5), ref: 0026080C
                                                                                                                                                                                                                                                            • ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 00260847
                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?), ref: 00260863
                                                                                                                                                                                                                                                            • LeaveCriticalSection.KERNEL32(?), ref: 002608DC
                                                                                                                                                                                                                                                            • ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 002608F3
                                                                                                                                                                                                                                                            • InterlockedExchange.KERNEL32(?,000001F6), ref: 00260921
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CriticalExchangeFileInterlockedReadSection$EnterLeave
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3368777196-0
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • ShowWindow.USER32(FFFFFFFF,00000000,?,00000000,00000000,?,0024F3AB,00000000,?,?,00000000,?,0024682C,00000004,00000000,00000000), ref: 0028824C
                                                                                                                                                                                                                                                            • EnableWindow.USER32(?,00000000), ref: 00288272
                                                                                                                                                                                                                                                            • ShowWindow.USER32(FFFFFFFF,00000000), ref: 002882D1
                                                                                                                                                                                                                                                            • ShowWindow.USER32(?,00000004), ref: 002882E5
                                                                                                                                                                                                                                                            • EnableWindow.USER32(?,00000001), ref: 0028830B
                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 0028832F
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Window$Show$Enable$MessageSend
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 642888154-0
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • IsWindowVisible.USER32(?), ref: 00254C95
                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 00254CB2
                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 00254CEA
                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00254D08
                                                                                                                                                                                                                                                            • CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 00254D10
                                                                                                                                                                                                                                                            • _wcsstr.LIBVCRUNTIME ref: 00254D1A
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
• Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen_wcsstr
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 72514467-0
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 001F3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,001F3A97,?,?,001F2E7F,?,?,?,00000000), ref: 001F3AC2
                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 0026587B
                                                                                                                                                                                                                                                            • CoInitialize.OLE32(00000000), ref: 00265995
                                                                                                                                                                                                                                                            • CoCreateInstance.OLE32(0028FCF8,00000000,00000001,0028FB68,?), ref: 002659AE
                                                                                                                                                                                                                                                            • CoUninitialize.OLE32 ref: 002659CC
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CreateFullInitializeInstanceNamePathUninitialize_wcslen
                                                                                                                                                                                                                                                            • String ID: .lnk
                                                                                                                                                                                                                                                            • API String ID: 3172280962-24824748
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 00250FB4: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00250FCA
                                                                                                                                                                                                                                                              • Part of subcall function 00250FB4: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00250FD6
                                                                                                                                                                                                                                                              • Part of subcall function 00250FB4: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00250FE5
                                                                                                                                                                                                                                                              • Part of subcall function 00250FB4: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00250FEC
                                                                                                                                                                                                                                                              • Part of subcall function 00250FB4: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00251002
                                                                                                                                                                                                                                                            • GetLengthSid.ADVAPI32(?,00000000,00251335), ref: 002517AE
                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,00000000), ref: 002517BA
                                                                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 002517C1
                                                                                                                                                                                                                                                            • CopySid.ADVAPI32(00000000,00000000,?), ref: 002517DA
                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,00251335), ref: 002517EE
                                                                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 002517F5
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3008561057-0
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 002514FF
                                                                                                                                                                                                                                                            • OpenProcessToken.ADVAPI32(00000000), ref: 00251506
                                                                                                                                                                                                                                                            • CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 00251515
                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000004), ref: 00251520
                                                                                                                                                                                                                                                            • CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 0025154F
                                                                                                                                                                                                                                                            • DestroyEnvironmentBlock.USERENV(00000000), ref: 00251563
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 1413079979-0
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,00213379,00212FE5), ref: 00213390
                                                                                                                                                                                                                                                            • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0021339E
                                                                                                                                                                                                                                                            • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 002133B7
                                                                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000,?,00213379,00212FE5), ref: 00213409
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3852720340-0
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,00225686,00233CD6,?,00000000,?,00225B6A,?,?,?,?,?,0021E6D1,?,002B8A48), ref: 00222D78
                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00222DAB
                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00222DD3
                                                                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000,?,?,?,?,0021E6D1,?,002B8A48,00000010,001F4F4A,?,?,00000000,00233CD6), ref: 00222DE0
                                                                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000,?,?,?,?,0021E6D1,?,002B8A48,00000010,001F4F4A,?,?,00000000,00233CD6), ref: 00222DEC
                                                                                                                                                                                                                                                            • _abort.LIBCMT ref: 00222DF2
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: ErrorLast$_free$_abort
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3160817290-0
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 00209639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00209693
                                                                                                                                                                                                                                                              • Part of subcall function 00209639: SelectObject.GDI32(?,00000000), ref: 002096A2
                                                                                                                                                                                                                                                              • Part of subcall function 00209639: BeginPath.GDI32(?), ref: 002096B9
                                                                                                                                                                                                                                                              • Part of subcall function 00209639: SelectObject.GDI32(?,00000000), ref: 002096E2
                                                                                                                                                                                                                                                            • MoveToEx.GDI32(?,-00000002,00000000,00000000), ref: 00288A4E
                                                                                                                                                                                                                                                            • LineTo.GDI32(?,00000003,00000000), ref: 00288A62
                                                                                                                                                                                                                                                            • MoveToEx.GDI32(?,00000000,-00000002,00000000), ref: 00288A70
                                                                                                                                                                                                                                                            • LineTo.GDI32(?,00000000,00000003), ref: 00288A80
                                                                                                                                                                                                                                                            • EndPath.GDI32(?), ref: 00288A90
                                                                                                                                                                                                                                                            • StrokePath.GDI32(?), ref: 00288AA0
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Path$LineMoveObjectSelect$BeginCreateStroke
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 43455801-0
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetDC.USER32(00000000), ref: 00255218
                                                                                                                                                                                                                                                            • GetDeviceCaps.GDI32(00000000,00000058), ref: 00255229
                                                                                                                                                                                                                                                            • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00255230
                                                                                                                                                                                                                                                            • ReleaseDC.USER32(00000000,00000000), ref: 00255238
                                                                                                                                                                                                                                                            • MulDiv.KERNEL32(000009EC,?,00000000), ref: 0025524F
                                                                                                                                                                                                                                                            • MulDiv.KERNEL32(000009EC,00000001,?), ref: 00255261
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CapsDevice$Release
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 1035833867-0
APIs
• MapVirtualKeyW.USER32(0000005B,00000000), ref: 001F1BF4
• MapVirtualKeyW.USER32(00000010,00000000), ref: 001F1BFC
• MapVirtualKeyW.USER32(000000A0,00000000), ref: 001F1C07
• MapVirtualKeyW.USER32(000000A1,00000000), ref: 001F1C12
• MapVirtualKeyW.USER32(00000011,00000000), ref: 001F1C1A
• MapVirtualKeyW.USER32(00000012,00000000), ref: 001F1C22
Memory Dump Source
• Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
• Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_1f0000_file.jbxd
Similarity
• API ID: Virtual
APIs
• PostMessageW.USER32(?,00000010,00000000,00000000), ref: 0025EB30
• SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 0025EB46
• GetWindowThreadProcessId.USER32(?,?), ref: 0025EB55
• OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0025EB64
• TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0025EB6E
• CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0025EB75
Memory Dump Source
• Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
• Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_1f0000_file.jbxd
Similarity
• API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
APIs
• GetClientRect.USER32(?), ref: 00247452
• SendMessageW.USER32(?,00001328,00000000,?), ref: 00247469
• GetWindowDC.USER32(?), ref: 00247475
• GetPixel.GDI32(00000000,?,?), ref: 00247484
• ReleaseDC.USER32(?,00000000), ref: 00247496
• GetSysColor.USER32(00000005), ref: 002474B0
Memory Dump Source
• Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
• Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_1f0000_file.jbxd
Similarity
• API ID: ClientColorMessagePixelRectReleaseSendWindow
APIs
• WaitForSingleObject.KERNEL32(?,000000FF), ref: 0025187F
• UnloadUserProfile.USERENV(?,?), ref: 0025188B
• CloseHandle.KERNEL32(?), ref: 00251894
• CloseHandle.KERNEL32(?), ref: 0025189C
• GetProcessHeap.KERNEL32(00000000,?), ref: 002518A5
• HeapFree.KERNEL32(00000000), ref: 002518AC
Memory Dump Source
• Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
• Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_1f0000_file.jbxd
Similarity
• API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • __Init_thread_footer.LIBCMT ref: 001FBEB3
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Init_thread_footer
                                                                                                                                                                                                                                                            • String ID: D%,$D%,$D%,$D%,D%,
                                                                                                                                                                                                                                                            • API String ID: 1385522511-1929757701
                                                                                                                                                                                                                                                            • Opcode ID: 2105be966ac7140b7c64c2f952689689abfb7240cd4392eb1e5c160c17deab5f
                                                                                                                                                                                                                                                            • Instruction ID: 75f6e74b8cda90d205958189710fd2f62177e371d846ead86d4f255b469943da
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2105be966ac7140b7c64c2f952689689abfb7240cd4392eb1e5c160c17deab5f
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 46913B75A0420ACFCB18CF98C0D0ABAB7F1FF58314F65816ADA55AB351DB71E981CB90
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 00210242: EnterCriticalSection.KERNEL32(002C070C,002C1884,?,?,0020198B,002C2518,?,?,?,001F12F9,00000000), ref: 0021024D
                                                                                                                                                                                                                                                              • Part of subcall function 00210242: LeaveCriticalSection.KERNEL32(002C070C,?,0020198B,002C2518,?,?,?,001F12F9,00000000), ref: 0021028A
                                                                                                                                                                                                                                                              • Part of subcall function 001F9CB3: _wcslen.LIBCMT ref: 001F9CBD
                                                                                                                                                                                                                                                              • Part of subcall function 002100A3: __onexit.LIBCMT ref: 002100A9
                                                                                                                                                                                                                                                            • __Init_thread_footer.LIBCMT ref: 00277BFB
                                                                                                                                                                                                                                                              • Part of subcall function 002101F8: EnterCriticalSection.KERNEL32(002C070C,?,?,00208747,002C2514), ref: 00210202
                                                                                                                                                                                                                                                              • Part of subcall function 002101F8: LeaveCriticalSection.KERNEL32(002C070C,?,00208747,002C2514), ref: 00210235
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CriticalSection$EnterLeave$Init_thread_footer__onexit_wcslen
                                                                                                                                                                                                                                                            • String ID: +T$$5$G$Variable must be of type 'Object'.
                                                                                                                                                                                                                                                            • API String ID: 535116098-757584443
                                                                                                                                                                                                                                                            • Opcode ID: dfdd24e4c6f99de3105b260f2eb2922ced4989fb5a080c171b2f093ade204f0a
                                                                                                                                                                                                                                                            • Instruction ID: d02fce6cca4fae9582fca80196ee34e445748102cb89322ed4ef3b020475ee84
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: dfdd24e4c6f99de3105b260f2eb2922ced4989fb5a080c171b2f093ade204f0a
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2A918A74A24209EFCB14EF54D891DBDB7B1FF49300F508059F80A9B292DB71AE65CB50
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 001F7620: _wcslen.LIBCMT ref: 001F7625
                                                                                                                                                                                                                                                            • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 0025C6EE
                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 0025C735
                                                                                                                                                                                                                                                            • SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 0025C79C
                                                                                                                                                                                                                                                            • SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 0025C7CA
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: ItemMenu$Info_wcslen$Default
                                                                                                                                                                                                                                                            • String ID: 0
                                                                                                                                                                                                                                                            • API String ID: 1227352736-4108050209
                                                                                                                                                                                                                                                            • Opcode ID: 5f78eaad09ee2e8431d326b39a8295723c56b28d0eec107683bc1029fbe450bc
                                                                                                                                                                                                                                                            • Instruction ID: fdce7ee3b6ed4fc6474f9c0b021393baab0de5671cdc8773060d1ed12f3811ad
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5f78eaad09ee2e8431d326b39a8295723c56b28d0eec107683bc1029fbe450bc
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AA51E1716243029FD7109E28C885B6AB7E8AF89311F240A2DFD95D35D1E770DD28CF9A
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • ShellExecuteExW.SHELL32(0000003C), ref: 0027AEA3
                                                                                                                                                                                                                                                              • Part of subcall function 001F7620: _wcslen.LIBCMT ref: 001F7625
                                                                                                                                                                                                                                                            • GetProcessId.KERNEL32(00000000), ref: 0027AF38
                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 0027AF67
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CloseExecuteHandleProcessShell_wcslen
                                                                                                                                                                                                                                                            • String ID: <$@
                                                                                                                                                                                                                                                            • API String ID: 146682121-1426351568
                                                                                                                                                                                                                                                            • Opcode ID: ab9a838fa48f76354069792c578b05f6d0bf5de7d4db043dd8aeee7462885e41
                                                                                                                                                                                                                                                            • Instruction ID: 4e68c6bbef77804d083932f3b8c5c2b274c73e67446fab95d233779e629c7646
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ab9a838fa48f76354069792c578b05f6d0bf5de7d4db043dd8aeee7462885e41
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 09718B70A10219DFCB14DF54D484AAEBBF0FF48320F0484A9E81AAB3A2C775ED55CB91
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 00257206
                                                                                                                                                                                                                                                            • SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 0025723C
                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 0025724D
                                                                                                                                                                                                                                                            • SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 002572CF
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: ErrorMode$AddressCreateInstanceProc
                                                                                                                                                                                                                                                            • String ID: DllGetClassObject
                                                                                                                                                                                                                                                            • API String ID: 753597075-1075368562
                                                                                                                                                                                                                                                            • Opcode ID: 3da9605d8b1cab59f60a8d85e7f51cf23a6f3fb6e9259056bb6a0092cefefffd
                                                                                                                                                                                                                                                            • Instruction ID: 8598622837fa0fc5cd440fadc297fef77be75eba0e8bd79d9fb92c78c7ac84d1
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3da9605d8b1cab59f60a8d85e7f51cf23a6f3fb6e9259056bb6a0092cefefffd
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0D41C171A54204EFDB15CF54D888A9A7BB9EF44311F2080AEBD09DF20AD7B0DD59CBA4
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00283E35
                                                                                                                                                                                                                                                            • IsMenu.USER32(?), ref: 00283E4A
                                                                                                                                                                                                                                                            • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00283E92
                                                                                                                                                                                                                                                            • DrawMenuBar.USER32 ref: 00283EA5
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Menu$Item$DrawInfoInsert
                                                                                                                                                                                                                                                            • String ID: 0
                                                                                                                                                                                                                                                            • API String ID: 3076010158-4108050209
                                                                                                                                                                                                                                                            • Opcode ID: 2b131d020271710ef2e15dbf62e170b5c8642a0a3c994b680e366e95c4daf4a2
                                                                                                                                                                                                                                                            • Instruction ID: 6493bac65b538cadd1630dafe8a21a277b88c94d54eb4da42013d3622f187cef
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2b131d020271710ef2e15dbf62e170b5c8642a0a3c994b680e366e95c4daf4a2
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 81415B79A2220AAFDB10EF50E884EAAB7B5FF49750F044019E905A7290D730AE64CF60
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 001F9CB3: _wcslen.LIBCMT ref: 001F9CBD
                                                                                                                                                                                                                                                              • Part of subcall function 00253CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00253CCA
                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000188,00000000,00000000), ref: 00251E66
                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 00251E79
                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000189,?,00000000), ref: 00251EA9
                                                                                                                                                                                                                                                              • Part of subcall function 001F6B57: _wcslen.LIBCMT ref: 001F6B6A
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: MessageSend$_wcslen$ClassName
                                                                                                                                                                                                                                                            • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                            • API String ID: 2081771294-1403004172
                                                                                                                                                                                                                                                            • Opcode ID: cee08158c8dcc0c7fa6b6f6c794649ea7e5f8487d8d6e5d61271a03113e5c6b8
                                                                                                                                                                                                                                                            • Instruction ID: 3e48a47e122ea263184cca1921c8d02e00431ba759353b38c515878a7f540b55
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: cee08158c8dcc0c7fa6b6f6c794649ea7e5f8487d8d6e5d61271a03113e5c6b8
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 91213571A10108BADB18AF60DC46EFFB7B9EF92391B144129FC21A71E1DB344D2D8A20
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000467,00000000,?), ref: 00282F8D
                                                                                                                                                                                                                                                            • LoadLibraryW.KERNEL32(?), ref: 00282F94
                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000467,00000000,00000000), ref: 00282FA9
                                                                                                                                                                                                                                                            • DestroyWindow.USER32(?), ref: 00282FB1
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: MessageSend$DestroyLibraryLoadWindow
                                                                                                                                                                                                                                                            • String ID: SysAnimate32
                                                                                                                                                                                                                                                            • API String ID: 3529120543-1011021900
                                                                                                                                                                                                                                                            • Opcode ID: 0b8b0e635ac46096a37e0e10b369257946b08ed4b8cda821a995114785fe84ed
                                                                                                                                                                                                                                                            • Instruction ID: 4af52dda079036f096b4c4dcd85970a20851a13835c822f3f613233b242e173e
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0b8b0e635ac46096a37e0e10b369257946b08ed4b8cda821a995114785fe84ed
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C221BB79221206EBEB106F649C84EBB37B9EF69364F104228FA10924D0D771DC65D760
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00214D1E,002228E9,?,00214CBE,002228E9,002B88B8,0000000C,00214E15,002228E9,00000002), ref: 00214D8D
                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00214DA0
                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,?,?,00214D1E,002228E9,?,00214CBE,002228E9,002B88B8,0000000C,00214E15,002228E9,00000002,00000000), ref: 00214DC3
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                                            • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                                                            • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32 ref: 0024D3AD
                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryW), ref: 0024D3BF
                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000), ref: 0024D3E5
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
• Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                                                            • String ID: GetSystemWow64DirectoryW$X64
                                                                                                                                                                                                                                                            • API String ID: 145871493-2590602151
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(kernel32.dll,?,?,001F4EDD,?,002C1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 001F4E9C
                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 001F4EAE
                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,?,001F4EDD,?,002C1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 001F4EC0
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
• Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                                                            • String ID: Wow64DisableWow64FsRedirection$kernel32.dll
                                                                                                                                                                                                                                                            • API String ID: 145871493-3689287502
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(kernel32.dll,?,?,00233CDE,?,002C1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 001F4E62
                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 001F4E74
                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,?,00233CDE,?,002C1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 001F4E87
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
• Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                                                            • String ID: Wow64RevertWow64FsRedirection$kernel32.dll
                                                                                                                                                                                                                                                            • API String ID: 145871493-1355242751
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00262C05
                                                                                                                                                                                                                                                            • DeleteFileW.KERNEL32(?), ref: 00262C87
                                                                                                                                                                                                                                                            • CopyFileW.KERNEL32(?,?,00000000,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 00262C9D
                                                                                                                                                                                                                                                            • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00262CAE
                                                                                                                                                                                                                                                            • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00262CC0
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
• Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: File$Delete$Copy
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3226157194-0
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetCurrentProcessId.KERNEL32 ref: 0027A427
                                                                                                                                                                                                                                                            • OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 0027A435
                                                                                                                                                                                                                                                            • GetProcessIoCounters.KERNEL32(00000000,?), ref: 0027A468
                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 0027A63D
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
• Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Process$CloseCountersCurrentHandleOpen
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3488606520-0
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00293700), ref: 0022BB91
                                                                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,002C121C,000000FF,00000000,0000003F,00000000,?,?), ref: 0022BC09
                                                                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,002C1270,000000FF,?,0000003F,00000000,?), ref: 0022BC36
                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0022BB7F
                                                                                                                                                                                                                                                              • Part of subcall function 002229C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0022D7D1,00000000,00000000,00000000,00000000,?,0022D7F8,00000000,00000007,00000000,?,0022DBF5,00000000), ref: 002229DE
                                                                                                                                                                                                                                                              • Part of subcall function 002229C8: GetLastError.KERNEL32(00000000,?,0022D7D1,00000000,00000000,00000000,00000000,?,0022D7F8,00000000,00000007,00000000,?,0022DBF5,00000000,00000000), ref: 002229F0
                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0022BD4B
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: ByteCharMultiWide_free$ErrorFreeHeapInformationLastTimeZone
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 1286116820-0
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 0025DDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,0025CF22,?), ref: 0025DDFD
                                                                                                                                                                                                                                                              • Part of subcall function 0025DDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,0025CF22,?), ref: 0025DE16
                                                                                                                                                                                                                                                              • Part of subcall function 0025E199: GetFileAttributesW.KERNEL32(?,0025CF95), ref: 0025E19A
                                                                                                                                                                                                                                                            • lstrcmpiW.KERNEL32(?,?), ref: 0025E473
                                                                                                                                                                                                                                                            • MoveFileW.KERNEL32(?,?), ref: 0025E4AC
                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 0025E5EB
                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 0025E603
                                                                                                                                                                                                                                                            • SHFileOperationW.SHELL32(?,?,?,?,?,?), ref: 0025E650
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: File$FullNamePath_wcslen$AttributesMoveOperationlstrcmpi
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3183298772-0
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 001F9CB3: _wcslen.LIBCMT ref: 001F9CBD
                                                                                                                                                                                                                                                              • Part of subcall function 0027C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0027B6AE,?,?), ref: 0027C9B5
                                                                                                                                                                                                                                                              • Part of subcall function 0027C998: _wcslen.LIBCMT ref: 0027C9F1
                                                                                                                                                                                                                                                              • Part of subcall function 0027C998: _wcslen.LIBCMT ref: 0027CA68
                                                                                                                                                                                                                                                              • Part of subcall function 0027C998: _wcslen.LIBCMT ref: 0027CA9E
                                                                                                                                                                                                                                                            • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0027BAA5
                                                                                                                                                                                                                                                            • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0027BB00
                                                                                                                                                                                                                                                            • RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 0027BB63
                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?,?), ref: 0027BBA6
                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000), ref: 0027BBB3
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpper
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 826366716-0
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • VariantInit.OLEAUT32(?), ref: 00258BCD
                                                                                                                                                                                                                                                            • VariantClear.OLEAUT32 ref: 00258C3E
                                                                                                                                                                                                                                                            • VariantClear.OLEAUT32 ref: 00258C9D
                                                                                                                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 00258D10
                                                                                                                                                                                                                                                            • VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 00258D3B
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Variant$Clear$ChangeInitType
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 4136290138-0
                                                                                                                                                                                                                                                            • Opcode ID: b403b7a12bcc940838957c084a21da0f7a2c2a93d13fb006accd33a912138cce
                                                                                                                                                                                                                                                            • Instruction ID: 1cfecd3da4807cb1f85eee7fd0b90241b9f800c75519828dbacd60c1c05632e0
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b403b7a12bcc940838957c084a21da0f7a2c2a93d13fb006accd33a912138cce
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2C518BB5A11219EFCB14CF28D884AAAB7F8FF89311B118559ED05EB350E770E911CFA4
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 00268BAE
                                                                                                                                                                                                                                                            • GetPrivateProfileSectionW.KERNEL32(?,00000003,00000003,?), ref: 00268BDA
                                                                                                                                                                                                                                                            • WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 00268C32
                                                                                                                                                                                                                                                            • WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 00268C57
                                                                                                                                                                                                                                                            • WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 00268C5F
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: PrivateProfile$SectionWrite$String
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 2832842796-0
                                                                                                                                                                                                                                                            • Opcode ID: 7f5d302e96350af41715765507e3e8d5a759a4ff7cbb33e10768f3b29cf5e4a0
                                                                                                                                                                                                                                                            • Instruction ID: 6afa66179701151601847f66318211597333c9c5a29030eb1e44baede9e78527
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7f5d302e96350af41715765507e3e8d5a759a4ff7cbb33e10768f3b29cf5e4a0
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 28515A35A002199FCB14DF64C880E6DBBF5FF48314F088059E949AB3A2CB31ED55CBA0
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • LoadLibraryW.KERNEL32(?,00000000,?), ref: 00278F40
                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,?), ref: 00278FD0
                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,00000000), ref: 00278FEC
                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,?), ref: 00279032
                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000), ref: 00279052
                                                                                                                                                                                                                                                              • Part of subcall function 0020F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,?,?,?,00261043,?,76D1E610), ref: 0020F6E6
                                                                                                                                                                                                                                                              • Part of subcall function 0020F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,0024FA64,00000000,00000000,?,?,00261043,?,76D1E610,?,0024FA64), ref: 0020F70D
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 666041331-0
                                                                                                                                                                                                                                                            • Opcode ID: 6cf68d24de8308d4df280fe23577ba3d5607a7db6dafda7da404cd632520944f
                                                                                                                                                                                                                                                            • Instruction ID: bee5e55c9013b2e6701dcd881a5f704ca8dec311cb9d2249537838d39facc33a
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6cf68d24de8308d4df280fe23577ba3d5607a7db6dafda7da404cd632520944f
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 67516934615209DFCB10EF58C4988ADBBF1FF59314B14C0A8E90A9B762DB31ED85CB91
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • SetWindowLongW.USER32(00000002,000000F0,?), ref: 00286C33
                                                                                                                                                                                                                                                            • SetWindowLongW.USER32(?,000000EC,?), ref: 00286C4A
                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000002,00001036,00000000,?), ref: 00286C73
                                                                                                                                                                                                                                                            • ShowWindow.USER32(00000002,00000000,00000002,00000002,?,?,?,?,?,?,?,0026AB79,00000000,00000000), ref: 00286C98
                                                                                                                                                                                                                                                            • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027,00000002,?,00000001,00000002,00000002,?,?,?), ref: 00286CC7
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Window$Long$MessageSendShow
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3688381893-0
                                                                                                                                                                                                                                                            • Opcode ID: f95c4a5eb04e3ceb968f3f89e9c04d217bb332492cfe63f1368917f54d4edb42
                                                                                                                                                                                                                                                            • Instruction ID: 424faa1891f94074f587237fdf13a6ebc4a7be86abc94773c882d8c3459b1c3e
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f95c4a5eb04e3ceb968f3f89e9c04d217bb332492cfe63f1368917f54d4edb42
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D641D33D622105AFDB24EF28CC5DFA97BA5EB09360F140229F895A72E0C371ED60CB50
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: _free
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 269201875-0
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetCursorPos.USER32(?), ref: 00209141
                                                                                                                                                                                                                                                            • ScreenToClient.USER32(00000000,?), ref: 0020915E
                                                                                                                                                                                                                                                            • GetAsyncKeyState.USER32(00000001), ref: 00209183
                                                                                                                                                                                                                                                            • GetAsyncKeyState.USER32(00000002), ref: 0020919D
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
• Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: AsyncState$ClientCursorScreen
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 4210589936-0
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetInputState.USER32 ref: 002638CB
                                                                                                                                                                                                                                                            • TranslateAcceleratorW.USER32(?,00000000,?), ref: 00263922
                                                                                                                                                                                                                                                            • TranslateMessage.USER32(?), ref: 0026394B
                                                                                                                                                                                                                                                            • DispatchMessageW.USER32(?), ref: 00263955
                                                                                                                                                                                                                                                            • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00263966
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Message$Translate$AcceleratorDispatchInputPeekState
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 2256411358-0
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • InternetQueryDataAvailable.WININET(?,?,00000000,00000000,00000000,?,00000000,?,?,?,0026C21E,00000000), ref: 0026CF38
                                                                                                                                                                                                                                                            • InternetReadFile.WININET(?,00000000,?,?), ref: 0026CF6F
                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00000000,?,?,?,0026C21E,00000000), ref: 0026CFB4
                                                                                                                                                                                                                                                            • SetEvent.KERNEL32(?,?,00000000,?,?,?,0026C21E,00000000), ref: 0026CFC8
                                                                                                                                                                                                                                                            • SetEvent.KERNEL32(?,?,00000000,?,?,?,0026C21E,00000000), ref: 0026CFF2
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: EventInternet$AvailableDataErrorFileLastQueryRead
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3191363074-0
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetWindowRect.USER32(?,?), ref: 00251915
                                                                                                                                                                                                                                                            • PostMessageW.USER32(00000001,00000201,00000001), ref: 002519C1
                                                                                                                                                                                                                                                            • Sleep.KERNEL32(00000000,?,?,?), ref: 002519C9
                                                                                                                                                                                                                                                            • PostMessageW.USER32(00000001,00000202,00000000), ref: 002519DA
                                                                                                                                                                                                                                                            • Sleep.KERNEL32(00000000,?,?,?,?), ref: 002519E2
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: MessagePostSleep$RectWindow
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3382505437-0
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001053,000000FF,?), ref: 00285745
                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001074,?,00000001), ref: 0028579D
                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 002857AF
                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 002857BA
                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001002,00000000,?), ref: 00285816
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
• Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: MessageSend$_wcslen
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 763830540-0
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • IsWindow.USER32(00000000), ref: 00270951
                                                                                                                                                                                                                                                            • GetForegroundWindow.USER32 ref: 00270968
                                                                                                                                                                                                                                                            • GetDC.USER32(00000000), ref: 002709A4
                                                                                                                                                                                                                                                            • GetPixel.GDI32(00000000,?,00000003), ref: 002709B0
                                                                                                                                                                                                                                                            • ReleaseDC.USER32(00000000,00000003), ref: 002709E8
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Window$ForegroundPixelRelease
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 4156661090-0
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetEnvironmentStringsW.KERNEL32 ref: 0022CDC6
                                                                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0022CDE9
                                                                                                                                                                                                                                                              • Part of subcall function 00223820: RtlAllocateHeap.NTDLL(00000000,?,002C1444,?,0020FDF5,?,?,001FA976,00000010,002C1440,001F13FC,?,001F13C6,?,001F1129), ref: 00223852
                                                                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 0022CE0F
                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0022CE22
                                                                                                                                                                                                                                                            • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0022CE31
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 336800556-0
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00209693
                                                                                                                                                                                                                                                            • SelectObject.GDI32(?,00000000), ref: 002096A2
                                                                                                                                                                                                                                                            • BeginPath.GDI32(?), ref: 002096B9
                                                                                                                                                                                                                                                            • SelectObject.GDI32(?,00000000), ref: 002096E2
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: ObjectSelect$BeginCreatePath
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3225163088-0
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: _memcmp
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 2931989736-0
                                                                                                                                                                                                                                                            • Opcode ID: 0de71e9802af105b23360b63fe95a3d6b1c0218489a892f7bb37c65606db311b
                                                                                                                                                                                                                                                            • Instruction ID: 035dc5be6aee4d4d4f0d49ec776b7b01c6b2940493ec15f11552aa391319955e
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0de71e9802af105b23360b63fe95a3d6b1c0218489a892f7bb37c65606db311b
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BC01F9652B1619BBD208A9119E52FFBB39C9B39396F104021FE049A285F770EE7487A4
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,0021F2DE,00223863,002C1444,?,0020FDF5,?,?,001FA976,00000010,002C1440,001F13FC,?,001F13C6), ref: 00222DFD
                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00222E32
                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00222E59
                                                                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000,001F1129), ref: 00222E66
                                                                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000,001F1129), ref: 00222E6F
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: ErrorLast$_free
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3170660625-0
                                                                                                                                                                                                                                                            • Opcode ID: acd09573da422a47b07b189501834307ffc246f1b8f7f5a27444a21a6cbd6493
                                                                                                                                                                                                                                                            • Instruction ID: 14da1b9eb015264110e45117ff7a93045292972c147cdb04f07e6c745a83afe5
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: acd09573da422a47b07b189501834307ffc246f1b8f7f5a27444a21a6cbd6493
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AC014936231631F7C6126BF43C4AD3B265DABC53617320128F815A22D3EB76DC396520
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,0024FF41,80070057,?,?,?,0025035E), ref: 0025002B
                                                                                                                                                                                                                                                            • ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0024FF41,80070057,?,?), ref: 00250046
                                                                                                                                                                                                                                                            • lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0024FF41,80070057,?,?), ref: 00250054
                                                                                                                                                                                                                                                            • CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0024FF41,80070057,?), ref: 00250064
                                                                                                                                                                                                                                                            • CLSIDFromString.OLE32(?,?,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0024FF41,80070057,?,?), ref: 00250070
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: From$Prog$FreeStringTasklstrcmpi
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3897988419-0
                                                                                                                                                                                                                                                            • Opcode ID: 1263d5cb2964f4e6182f68387bb5d549a23088c9177bcde310e404329b8767b9
                                                                                                                                                                                                                                                            • Instruction ID: 089b56c8a0557aeba162b5c6d5f072b08ef8e1332cd75c5f9f0f14cb5b984f6c
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1263d5cb2964f4e6182f68387bb5d549a23088c9177bcde310e404329b8767b9
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B501F276611215BFDB114F68EC88BAA7AEDEF44352F244024FC01D2250D770ED048BA0
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • QueryPerformanceCounter.KERNEL32(?), ref: 0025E997
                                                                                                                                                                                                                                                            • QueryPerformanceFrequency.KERNEL32(?), ref: 0025E9A5
                                                                                                                                                                                                                                                            • Sleep.KERNEL32(00000000), ref: 0025E9AD
                                                                                                                                                                                                                                                            • QueryPerformanceCounter.KERNEL32(?), ref: 0025E9B7
                                                                                                                                                                                                                                                            • Sleep.KERNEL32 ref: 0025E9F3
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: PerformanceQuery$CounterSleep$Frequency
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 2833360925-0
                                                                                                                                                                                                                                                            • Opcode ID: 7124f92e6787b4b58c8ce36dc1a19152d163df39fb50edfe38a98d6ca761ed3d
                                                                                                                                                                                                                                                            • Instruction ID: eee1fcd9522f0050e021de86cfa610409153791c2a8454d244f8fd1344d18569
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7124f92e6787b4b58c8ce36dc1a19152d163df39fb50edfe38a98d6ca761ed3d
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E1016D35C11529DBCF049FE4EC8D6DDBB78FF09312F110556E912B2140DB309668CB66
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00251114
                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00000000,00000000,?,?,00250B9B,?,?,?), ref: 00251120
                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00250B9B,?,?,?), ref: 0025112F
                                                                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00250B9B,?,?,?), ref: 00251136
                                                                                                                                                                                                                                                            • GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 0025114D
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: HeapObjectSecurityUser$AllocErrorLastProcess
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 842720411-0
                                                                                                                                                                                                                                                            • Opcode ID: 620bebc22ffe07845e0261e9ed315be363088f26c9aa21689cf54f079c1cb22f
                                                                                                                                                                                                                                                            • Instruction ID: 3eea89ea48ea90004264672325a40430d37db576b745f3aa9c5b822b4d198861
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 620bebc22ffe07845e0261e9ed315be363088f26c9aa21689cf54f079c1cb22f
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A5016979201605BFDB114FA4EC8DA6A3B6EEF893A1B214468FA49C3360DB31DC108F70
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00250FCA
                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00250FD6
                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00250FE5
                                                                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00250FEC
                                                                                                                                                                                                                                                            • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00251002
Memory Dump Source
• Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
• Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 44706859-0
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 0025102A
                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00251036
                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00251045
                                                                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 0025104C
                                                                                                                                                                                                                                                            • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00251062
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 44706859-0
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,?,?,0026017D,?,002632FC,?,00000001,00232592,?), ref: 00260324
                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,?,?,0026017D,?,002632FC,?,00000001,00232592,?), ref: 00260331
                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,?,?,0026017D,?,002632FC,?,00000001,00232592,?), ref: 0026033E
                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,?,?,0026017D,?,002632FC,?,00000001,00232592,?), ref: 0026034B
                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,?,?,0026017D,?,002632FC,?,00000001,00232592,?), ref: 00260358
                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,?,?,0026017D,?,002632FC,?,00000001,00232592,?), ref: 00260365
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CloseHandle
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 2962429428-0
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0022D752
                                                                                                                                                                                                                                                              • Part of subcall function 002229C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0022D7D1,00000000,00000000,00000000,00000000,?,0022D7F8,00000000,00000007,00000000,?,0022DBF5,00000000), ref: 002229DE
                                                                                                                                                                                                                                                              • Part of subcall function 002229C8: GetLastError.KERNEL32(00000000,?,0022D7D1,00000000,00000000,00000000,00000000,?,0022D7F8,00000000,00000007,00000000,?,0022DBF5,00000000,00000000), ref: 002229F0
                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0022D764
                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0022D776
                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0022D788
                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0022D79A
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 776569668-0
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,000003E9), ref: 00255C58
                                                                                                                                                                                                                                                            • GetWindowTextW.USER32(00000000,?,00000100), ref: 00255C6F
                                                                                                                                                                                                                                                            • MessageBeep.USER32(00000000), ref: 00255C87
                                                                                                                                                                                                                                                            • KillTimer.USER32(?,0000040A), ref: 00255CA3
                                                                                                                                                                                                                                                            • EndDialog.USER32(?,00000001), ref: 00255CBD
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: BeepDialogItemKillMessageTextTimerWindow
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3741023627-0
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 002222BE
                                                                                                                                                                                                                                                              • Part of subcall function 002229C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0022D7D1,00000000,00000000,00000000,00000000,?,0022D7F8,00000000,00000007,00000000,?,0022DBF5,00000000), ref: 002229DE
                                                                                                                                                                                                                                                              • Part of subcall function 002229C8: GetLastError.KERNEL32(00000000,?,0022D7D1,00000000,00000000,00000000,00000000,?,0022D7F8,00000000,00000007,00000000,?,0022DBF5,00000000,00000000), ref: 002229F0
                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 002222D0
                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 002222E3
                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 002222F4
                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00222305
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 776569668-0
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • EndPath.GDI32(?), ref: 002095D4
                                                                                                                                                                                                                                                            • StrokeAndFillPath.GDI32(?,?,002471F7,00000000,?,?,?), ref: 002095F0
                                                                                                                                                                                                                                                            • SelectObject.GDI32(?,00000000), ref: 00209603
                                                                                                                                                                                                                                                            • DeleteObject.GDI32 ref: 00209616
                                                                                                                                                                                                                                                            • StrokePath.GDI32(?), ref: 00209631
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Path$ObjectStroke$DeleteFillSelect
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 2625713937-0
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: __freea$_free
                                                                                                                                                                                                                                                            • String ID: a/p$am/pm
                                                                                                                                                                                                                                                            • API String ID: 3432400110-3206640213
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 00210242: EnterCriticalSection.KERNEL32(002C070C,002C1884,?,?,0020198B,002C2518,?,?,?,001F12F9,00000000), ref: 0021024D
                                                                                                                                                                                                                                                              • Part of subcall function 00210242: LeaveCriticalSection.KERNEL32(002C070C,?,0020198B,002C2518,?,?,?,001F12F9,00000000), ref: 0021028A
                                                                                                                                                                                                                                                              • Part of subcall function 002100A3: __onexit.LIBCMT ref: 002100A9
                                                                                                                                                                                                                                                            • __Init_thread_footer.LIBCMT ref: 00276238
                                                                                                                                                                                                                                                              • Part of subcall function 002101F8: EnterCriticalSection.KERNEL32(002C070C,?,?,00208747,002C2514), ref: 00210202
                                                                                                                                                                                                                                                              • Part of subcall function 002101F8: LeaveCriticalSection.KERNEL32(002C070C,?,00208747,002C2514), ref: 00210235
                                                                                                                                                                                                                                                              • Part of subcall function 0026359C: LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 002635E4
                                                                                                                                                                                                                                                              • Part of subcall function 0026359C: LoadStringW.USER32(002C2390,?,00000FFF,?), ref: 0026360A
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CriticalSection$EnterLeaveLoadString$Init_thread_footer__onexit
                                                                                                                                                                                                                                                            • String ID: x#,$x#,$x#,
                                                                                                                                                                                                                                                            • API String ID: 1072379062-834180672
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,00000002,00000000,?,?,?,00000000,?,?,?,?), ref: 00228B6E
                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,00000000,?,?,?,?,?,?,?,?,00000000,00001000,?), ref: 00228B7A
                                                                                                                                                                                                                                                            • __dosmaperr.LIBCMT ref: 00228B81
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: ByteCharErrorLastMultiWide__dosmaperr
                                                                                                                                                                                                                                                            • String ID: .!
                                                                                                                                                                                                                                                            • API String ID: 2434981716-3855568528
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 0025B403: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,002521D0,?,?,00000034,00000800,?,00000034), ref: 0025B42D
                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001104,00000000,00000000), ref: 00252760
                                                                                                                                                                                                                                                              • Part of subcall function 0025B3CE: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,002521FF,?,?,00000800,?,00001073,00000000,?,?), ref: 0025B3F8
                                                                                                                                                                                                                                                              • Part of subcall function 0025B32A: GetWindowThreadProcessId.USER32(?,?), ref: 0025B355
                                                                                                                                                                                                                                                              • Part of subcall function 0025B32A: OpenProcess.KERNEL32(00000438,00000000,?,?,?,00252194,00000034,?,?,00001004,00000000,00000000), ref: 0025B365
                                                                                                                                                                                                                                                              • Part of subcall function 0025B32A: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,00252194,00000034,?,?,00001004,00000000,00000000), ref: 0025B37B
                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 002527CD
                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 0025281A
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
                                                                                                                                                                                                                                                            • String ID: @
                                                                                                                                                                                                                                                            • API String ID: 4150878124-2766056989
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\file.exe,00000104), ref: 00221769
                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00221834
                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0022183E
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: _free$FileModuleName
                                                                                                                                                                                                                                                            • String ID: C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                                                                            • API String ID: 2506810119-1341646710
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 0025C306
                                                                                                                                                                                                                                                            • DeleteMenu.USER32(?,00000007,00000000), ref: 0025C34C
                                                                                                                                                                                                                                                            • DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,002C1990,01856090), ref: 0025C395
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Menu$Delete$InfoItem
                                                                                                                                                                                                                                                            • String ID: 0
                                                                                                                                                                                                                                                            • API String ID: 135850232-4108050209
                                                                                                                                                                                                                                                            • Opcode ID: 253041c394ca3303351485b83270bd01e7ec6a3c20ce66b1beeccdee82c541da
                                                                                                                                                                                                                                                            • Instruction ID: a7106bb290ed7b4437434412314f5d787d64ceb87671f1cefee1c859e3c00613
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 253041c394ca3303351485b83270bd01e7ec6a3c20ce66b1beeccdee82c541da
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2C41E331214306AFD720DF24D884B1ABBE4AF85321F24866DFDA5972D1E730E918CB66
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,0028CC08,00000000,?,?,?,?), ref: 002844AA
                                                                                                                                                                                                                                                            • GetWindowLongW.USER32 ref: 002844C7
                                                                                                                                                                                                                                                            • SetWindowLongW.USER32(?,000000F0,00000000), ref: 002844D7
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
• Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Window$Long
                                                                                                                                                                                                                                                            • String ID: SysTreeView32
                                                                                                                                                                                                                                                            • API String ID: 847901565-1698111956
                                                                                                                                                                                                                                                            • Opcode ID: e40fe2a3d918a4038d1ea6e93a25c45ceb6c83c775a48b860dccd08556a23734
                                                                                                                                                                                                                                                            • Instruction ID: 458754c320826dc787fd29061eb5531d3b47eab2740a4ba887bc36899dd47686
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e40fe2a3d918a4038d1ea6e93a25c45ceb6c83c775a48b860dccd08556a23734
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5031B035221206AFDF20AE78DC45BEA77A9EB09334F204725F979921D1D774EC609B60
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • SysReAllocString.OLEAUT32(?,?), ref: 00256EED
                                                                                                                                                                                                                                                            • VariantCopyInd.OLEAUT32(?,?), ref: 00256F08
                                                                                                                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 00256F12
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
• Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Variant$AllocClearCopyString
                                                                                                                                                                                                                                                            • String ID: *j%
                                                                                                                                                                                                                                                            • API String ID: 2173805711-512576846
                                                                                                                                                                                                                                                            • Opcode ID: 9f61841f519195ad75190951919543f7f19106ddb0aa15c688c0fb27d4707f4a
                                                                                                                                                                                                                                                            • Instruction ID: c11cdae6534147ffa5126d80eb00418afb925adba3e905720eec668eb4cb9cb1
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9f61841f519195ad75190951919543f7f19106ddb0aa15c688c0fb27d4707f4a
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B731B571A28209DFCB05AF64E8999BD3776FF44311B600458FD034B6B1C7749925DB94
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 0027335B: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,00273077,?,?), ref: 00273378
                                                                                                                                                                                                                                                            • inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 0027307A
                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 0027309B
                                                                                                                                                                                                                                                            • htons.WSOCK32(00000000,?,?,00000000), ref: 00273106
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
• Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: ByteCharMultiWide_wcslenhtonsinet_addr
                                                                                                                                                                                                                                                            • String ID: 255.255.255.255
                                                                                                                                                                                                                                                            • API String ID: 946324512-2422070025
                                                                                                                                                                                                                                                            • Opcode ID: 0c2c4198accd8f6bc2881843a5ec310239d6da65a53285690acafb327faed011
                                                                                                                                                                                                                                                            • Instruction ID: 070f20ffb8ce576b60df406af610de379c4dd1b503f7b42a3503c86f5766f7cd
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0c2c4198accd8f6bc2881843a5ec310239d6da65a53285690acafb327faed011
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3E31E4392102069FCB20DF28C485EAA77E0EF14318F64C099E91D8B392DB72EE55DB60
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00001009,00000000,?), ref: 00283F40
                                                                                                                                                                                                                                                            • SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 00283F54
                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001002,00000000,?), ref: 00283F78
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
• Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: MessageSend$Window
                                                                                                                                                                                                                                                            • String ID: SysMonthCal32
                                                                                                                                                                                                                                                            • API String ID: 2326795674-1439706946
                                                                                                                                                                                                                                                            • Opcode ID: 414cd69d83d2613f016090b3b3cb72bd67a81e8aa449a9d5014d7d363ffc5bc6
                                                                                                                                                                                                                                                            • Instruction ID: ade6075d7d021f415dd4df78ed4854d4da942cc49b3ade3256ee66b395d007fa
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 414cd69d83d2613f016090b3b3cb72bd67a81e8aa449a9d5014d7d363ffc5bc6
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2021EF36620219BBDF25DF50DC46FEA3B79EF88714F110214FE056B1C0D6B1A8608BA0
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000469,?,00000000), ref: 00284705
                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 00284713
                                                                                                                                                                                                                                                            • DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 0028471A
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
• Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: MessageSend$DestroyWindow
                                                                                                                                                                                                                                                            • String ID: msctls_updown32
                                                                                                                                                                                                                                                            • API String ID: 4014797782-2298589950
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: _wcslen
                                                                                                                                                                                                                                                            • String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
                                                                                                                                                                                                                                                            • API String ID: 176396367-2734436370
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000180,00000000,?), ref: 00283840
                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000186,00000000,00000000), ref: 00283850
                                                                                                                                                                                                                                                            • MoveWindow.USER32(00000000,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 00283876
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: MessageSend$MoveWindow
                                                                                                                                                                                                                                                            • String ID: Listbox
                                                                                                                                                                                                                                                            • API String ID: 3315199576-2633736733
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • SetErrorMode.KERNEL32(00000001), ref: 00264A08
                                                                                                                                                                                                                                                            • GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 00264A5C
                                                                                                                                                                                                                                                            • SetErrorMode.KERNEL32(00000000,?,?,0028CC08), ref: 00264AD0
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: ErrorMode$InformationVolume
                                                                                                                                                                                                                                                            • String ID: %lu
                                                                                                                                                                                                                                                            • API String ID: 2507767853-685833217
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 0028424F
                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000406,00000000,00640000), ref: 00284264
                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00284271
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: MessageSend
                                                                                                                                                                                                                                                            • String ID: msctls_trackbar32
                                                                                                                                                                                                                                                            • API String ID: 3850602802-1010561917
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 001F6B57: _wcslen.LIBCMT ref: 001F6B6A
                                                                                                                                                                                                                                                              • Part of subcall function 00252DA7: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00252DC5
                                                                                                                                                                                                                                                              • Part of subcall function 00252DA7: GetWindowThreadProcessId.USER32(?,00000000), ref: 00252DD6
                                                                                                                                                                                                                                                              • Part of subcall function 00252DA7: GetCurrentThreadId.KERNEL32 ref: 00252DDD
                                                                                                                                                                                                                                                              • Part of subcall function 00252DA7: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00252DE4
                                                                                                                                                                                                                                                            • GetFocus.USER32 ref: 00252F78
                                                                                                                                                                                                                                                              • Part of subcall function 00252DEE: GetParent.USER32(00000000), ref: 00252DF9
                                                                                                                                                                                                                                                            • GetClassNameW.USER32(?,?,00000100), ref: 00252FC3
                                                                                                                                                                                                                                                            • EnumChildWindows.USER32(?,0025303B), ref: 00252FEB
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows_wcslen
                                                                                                                                                                                                                                                            • String ID: %s%d
                                                                                                                                                                                                                                                            • API String ID: 1272988791-1110647743
                                                                                                                                                                                                                                                            • Opcode ID: 53449b8b00de390563c00735c588dcb5a2e0792dbcd4a22e8fc9999f2bfdbd19
                                                                                                                                                                                                                                                            • Instruction ID: d1722c40d59b818a2bef9707ad8044de683257f51a028dadd23b90f60a2aea9b
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 53449b8b00de390563c00735c588dcb5a2e0792dbcd4a22e8fc9999f2bfdbd19
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D011CD75210219ABCF50BF609C89EEE376AAF95305F044075BD099B292DF30991D8F70
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetMenuItemInfoW.USER32(?,?,?,00000030), ref: 002858C1
                                                                                                                                                                                                                                                            • SetMenuItemInfoW.USER32(?,?,?,00000030), ref: 002858EE
                                                                                                                                                                                                                                                            • DrawMenuBar.USER32(?), ref: 002858FD
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Menu$InfoItem$Draw
                                                                                                                                                                                                                                                            • String ID: 0
                                                                                                                                                                                                                                                            • API String ID: 3227129158-4108050209
                                                                                                                                                                                                                                                            • Opcode ID: f9574b714886e6c5fb8d52ed44bb82b02d0c815177a9261d370da00bf680bbb7
                                                                                                                                                                                                                                                            • Instruction ID: 8b66d11567865d7cc6a0b99fbb4a8495854007a3a5a5b27506cab858f427d23d
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f9574b714886e6c5fb8d52ed44bb82b02d0c815177a9261d370da00bf680bbb7
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7A01C435521218EFDF20AF11EC44BAEBBB4FF45361F108099E848D6191DB308AA0DF70
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                            • Opcode ID: 35cc62aab187ccc760dd1b2e259d901df3a07fe99c53b231e782b7ac870b2321
                                                                                                                                                                                                                                                            • Instruction ID: 2e8f4d09dbf93c18838a1157718557fb1a01c199b83d865af6bc5a6cee04a857
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 35cc62aab187ccc760dd1b2e259d901df3a07fe99c53b231e782b7ac870b2321
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A5C17B75A1020AEFDB14CFA4C898BAEB7B5FF48305F208598E805EB251C771ED95CB94
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Variant$ClearInitInitializeUninitialize
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 1998397398-0
                                                                                                                                                                                                                                                            • Opcode ID: fbe55e87e5fb43eb4b08b9b4c9f045e4bbe6860e280559109953076922507450
                                                                                                                                                                                                                                                            • Instruction ID: 444e0a00b4aa0bfe2271b7c927bfac179f8e39b692911394ccad67042e8c10fb
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: fbe55e87e5fb43eb4b08b9b4c9f045e4bbe6860e280559109953076922507450
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C4A169752143059FC700EF28C485A2AB7E5FF88714F048859F98A9B3A2DB70EE15DF92
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,0028FC08,?), ref: 002505F0
                                                                                                                                                                                                                                                            • CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,0028FC08,?), ref: 00250608
                                                                                                                                                                                                                                                            • CLSIDFromProgID.OLE32(?,?,00000000,0028CC40,000000FF,?,00000000,00000800,00000000,?,0028FC08,?), ref: 0025062D
                                                                                                                                                                                                                                                            • _memcmp.LIBVCRUNTIME ref: 0025064E
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: FromProg$FreeTask_memcmp
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 314563124-0
                                                                                                                                                                                                                                                            • Opcode ID: 71f42cb2e74d4a3ddce9cef79926086fb814464ed94a26dbdfcbfad21a1c8e3e
                                                                                                                                                                                                                                                            • Instruction ID: e1bcddbaeadd671227e203122d2586822b61310b297a1847a1c54147b48f7657
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 71f42cb2e74d4a3ddce9cef79926086fb814464ed94a26dbdfcbfad21a1c8e3e
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FC814C75A10109EFCB04DF94C984EEEB7B9FF89315F204558E916AB250DB71AE0ACB60
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • CreateToolhelp32Snapshot.KERNEL32 ref: 0027A6AC
                                                                                                                                                                                                                                                            • Process32FirstW.KERNEL32(00000000,?), ref: 0027A6BA
                                                                                                                                                                                                                                                              • Part of subcall function 001F9CB3: _wcslen.LIBCMT ref: 001F9CBD
                                                                                                                                                                                                                                                            • Process32NextW.KERNEL32(00000000,?), ref: 0027A79C
                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 0027A7AB
                                                                                                                                                                                                                                                              • Part of subcall function 0020CE60: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,00233303,?), ref: 0020CE8A
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32_wcslen
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 1991900642-0
                                                                                                                                                                                                                                                            • Opcode ID: afdce7afb462fcad8eebe425806a092bff34e52cef53bfd44234660f42b618af
                                                                                                                                                                                                                                                            • Instruction ID: 9a12b750f888f1d1577be3bd166914da855effb6d8ece6cbdf3f924f1ee0da1b
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: afdce7afb462fcad8eebe425806a092bff34e52cef53bfd44234660f42b618af
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BF516DB15083059FD710EF24D886A6FBBE8FF99754F00891DF58997292EB30D914CB92
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: _free
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 269201875-0
                                                                                                                                                                                                                                                            • Opcode ID: ccb10001d21a5f935aecced3c477994d4ddb3a5b41774bf8a2c37b7c5b23ca7e
                                                                                                                                                                                                                                                            • Instruction ID: ec4aa15614a36695e1a7e83030e1fbb4e97edc23a438068374f20d8efb61cda7
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ccb10001d21a5f935aecced3c477994d4ddb3a5b41774bf8a2c37b7c5b23ca7e
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 32417DB1A30111BBDB217FFC9C466FE3AE5EF51330F244225F919C2191E67448B15B61
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetWindowRect.USER32(?,?), ref: 002862E2
                                                                                                                                                                                                                                                            • ScreenToClient.USER32(?,?), ref: 00286315
                                                                                                                                                                                                                                                            • MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,?,?,?), ref: 00286382
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Window$ClientMoveRectScreen
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3880355969-0
                                                                                                                                                                                                                                                            • Opcode ID: 4ce37d939ac6ca223c4308654a19612e632e35c577af1e3e7ccc8112dba0d559
                                                                                                                                                                                                                                                            • Instruction ID: f71d68967aaca0f1a0c2a2bfc41ac83efd1b2383be4167d8e7185729421623a8
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4ce37d939ac6ca223c4308654a19612e632e35c577af1e3e7ccc8112dba0d559
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A4517D7891120AEFCF10EF58D888AAE7BB5FF45760F2081A9F9159B290D730ED61CB50
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • socket.WSOCK32(00000002,00000002,00000011), ref: 00271AFD
                                                                                                                                                                                                                                                            • WSAGetLastError.WSOCK32 ref: 00271B0B
                                                                                                                                                                                                                                                            • #21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 00271B8A
                                                                                                                                                                                                                                                            • WSAGetLastError.WSOCK32 ref: 00271B94
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: ErrorLast$socket
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 1881357543-0
                                                                                                                                                                                                                                                            • Opcode ID: fa6ce79029995a58e968e0cde2ecec4376ed495a3fc8adc7b27a9c24bb8484e8
                                                                                                                                                                                                                                                            • Instruction ID: 60045c98f7200b3b13263e813e547aa2c342a4c9f4b1a02f9d60ae8433d84263
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: fa6ce79029995a58e968e0cde2ecec4376ed495a3fc8adc7b27a9c24bb8484e8
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E7419E74600201AFE720AF24D886F3A77E5AF44718F54C448FA1A9F2D3D772ED528B90
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                            • Opcode ID: 9771bebaa6fb32d9e8569eb1b5a7dbe09218d74cee535500d65966fb14b3ac89
                                                                                                                                                                                                                                                            • Instruction ID: 14f82f066e51449be00ab75fc23da8e361cf51510ba4ad98efcca34124361f62
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9771bebaa6fb32d9e8569eb1b5a7dbe09218d74cee535500d65966fb14b3ac89
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D6414B71A20714BFD725AFB8DC41BAABBE9EB88710F10452AF451DB281D7729960CB80
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 00265783
                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00000000), ref: 002657A9
                                                                                                                                                                                                                                                            • DeleteFileW.KERNEL32(00000002,?,00000000), ref: 002657CE
                                                                                                                                                                                                                                                            • CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 002657FA
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
• Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CreateHardLink$DeleteErrorFileLast
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3321077145-0
                                                                                                                                                                                                                                                            • Opcode ID: 217473d27db7ca54e852ac8d2360a804dc20cae004dae1bdffa09029878e5c97
                                                                                                                                                                                                                                                            • Instruction ID: 363b4c7e35fa1ecb1dfaf18a5a05381c69aedfbe09b8bf73372f1de38f610b2c
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 217473d27db7ca54e852ac8d2360a804dc20cae004dae1bdffa09029878e5c97
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DA413D39600615DFCB11DF15D544A2EBBE2EF99320B198488ED4AAB3A2CB74FD44CB91
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(?,00000000,?,00216D71,00000000,00000000,002182D9,?,002182D9,?,00000001,00216D71,?,00000001,002182D9,002182D9), ref: 0022D910
                                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 0022D999
                                                                                                                                                                                                                                                            • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 0022D9AB
                                                                                                                                                                                                                                                            • __freea.LIBCMT ref: 0022D9B4
                                                                                                                                                                                                                                                              • Part of subcall function 00223820: RtlAllocateHeap.NTDLL(00000000,?,002C1444,?,0020FDF5,?,?,001FA976,00000010,002C1440,001F13FC,?,001F13C6,?,001F1129), ref: 00223852
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
• Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 2652629310-0
                                                                                                                                                                                                                                                            • Opcode ID: 041b01e1b5c1772524c62856bb525519f057d0b154be0ceec30ce637e4f0d97b
                                                                                                                                                                                                                                                            • Instruction ID: e38241f6f5f000d8d1126ef044e1ee8e4ee66f67776492541efb07f9c4106681
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 041b01e1b5c1772524c62856bb525519f057d0b154be0ceec30ce637e4f0d97b
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9831B371A2021AABDF24DFA4EC85EEE7BA5EB40310F154168FC04D7250D735CDA4CB90
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001024,00000000,?), ref: 00285352
                                                                                                                                                                                                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 00285375
                                                                                                                                                                                                                                                            • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00285382
                                                                                                                                                                                                                                                            • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 002853A8
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
• Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: LongWindow$InvalidateMessageRectSend
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3340791633-0
                                                                                                                                                                                                                                                            • Opcode ID: 0749eb397b34ace24d9724e0c380ce24965d95aa45d2b2bf62709a1796c76b31
                                                                                                                                                                                                                                                            • Instruction ID: 9bb660a9e5affdc31189030e4770a9aa3ac4e22cfb43c71502b53c8cb80d0fc1
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0749eb397b34ace24d9724e0c380ce24965d95aa45d2b2bf62709a1796c76b31
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F631C338A77A29BFEB24AE14CC06FE83765AB05391F584081BA10961E1C7B49EA09B51
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetKeyboardState.USER32(?,76AAC0D0,?,00008000), ref: 0025ABF1
                                                                                                                                                                                                                                                            • SetKeyboardState.USER32(00000080,?,00008000), ref: 0025AC0D
                                                                                                                                                                                                                                                            • PostMessageW.USER32(00000000,00000101,00000000), ref: 0025AC74
                                                                                                                                                                                                                                                            • SendInput.USER32(00000001,?,0000001C,76AAC0D0,?,00008000), ref: 0025ACC6
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
• Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: KeyboardState$InputMessagePostSend
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 432972143-0
                                                                                                                                                                                                                                                            • Opcode ID: 736bca36aabaa920942e8205088fb1ebb654a7e7be52390997925b0107a6a905
                                                                                                                                                                                                                                                            • Instruction ID: 68aed332d64797a7164ce188d2d38f84b1608ef23b85ac5b25e20c3b05b27322
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 736bca36aabaa920942e8205088fb1ebb654a7e7be52390997925b0107a6a905
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DA313B30A20319AFEF35CF648C0A7FA7BA5AB85313F04431BEC85561D0D37489A9876A
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • ClientToScreen.USER32(?,?), ref: 0028769A
                                                                                                                                                                                                                                                            • GetWindowRect.USER32(?,?), ref: 00287710
                                                                                                                                                                                                                                                            • PtInRect.USER32(?,?,00288B89), ref: 00287720
                                                                                                                                                                                                                                                            • MessageBeep.USER32(00000000), ref: 0028778C
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Rect$BeepClientMessageScreenWindow
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 1352109105-0
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetForegroundWindow.USER32 ref: 002816EB
                                                                                                                                                                                                                                                              • Part of subcall function 00253A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00253A57
                                                                                                                                                                                                                                                              • Part of subcall function 00253A3D: GetCurrentThreadId.KERNEL32 ref: 00253A5E
                                                                                                                                                                                                                                                              • Part of subcall function 00253A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,002525B3), ref: 00253A65
                                                                                                                                                                                                                                                            • GetCaretPos.USER32(?), ref: 002816FF
                                                                                                                                                                                                                                                            • ClientToScreen.USER32(00000000,?), ref: 0028174C
                                                                                                                                                                                                                                                            • GetForegroundWindow.USER32 ref: 00281752
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 2759813231-0
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 00209BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00209BB2
                                                                                                                                                                                                                                                            • GetCursorPos.USER32(?), ref: 00289001
                                                                                                                                                                                                                                                            • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,00247711,?,?,?,?,?), ref: 00289016
                                                                                                                                                                                                                                                            • GetCursorPos.USER32(?), ref: 0028905E
                                                                                                                                                                                                                                                            • DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,00247711,?,?,?), ref: 00289094
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Cursor$LongMenuPopupProcTrackWindow
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 2864067406-0
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetFileAttributesW.KERNEL32(?,0028CB68), ref: 0025D2FB
                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 0025D30A
                                                                                                                                                                                                                                                            • CreateDirectoryW.KERNEL32(?,00000000), ref: 0025D319
                                                                                                                                                                                                                                                            • CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,0028CB68), ref: 0025D376
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CreateDirectory$AttributesErrorFileLast
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 2267087916-0
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 00251014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 0025102A
                                                                                                                                                                                                                                                              • Part of subcall function 00251014: GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00251036
                                                                                                                                                                                                                                                              • Part of subcall function 00251014: GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00251045
                                                                                                                                                                                                                                                              • Part of subcall function 00251014: HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 0025104C
                                                                                                                                                                                                                                                              • Part of subcall function 00251014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00251062
                                                                                                                                                                                                                                                            • LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 002515BE
                                                                                                                                                                                                                                                            • _memcmp.LIBVCRUNTIME ref: 002515E1
                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00251617
                                                                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 0025161E
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Heap$InformationProcessToken$AllocErrorFreeLastLookupPrivilegeValue_memcmp
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 1592001646-0
                                                                                                                                                                                                                                                            • Opcode ID: 8e1d291d1cd671a2b49af26a8a164748ba60534db4b558d25f1ba7a39cd2f899
                                                                                                                                                                                                                                                            • Instruction ID: 693bef94d70f16bc6e77e00ae1f14cb73d09487b551f4f9a1d901e13f300329b
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8e1d291d1cd671a2b49af26a8a164748ba60534db4b558d25f1ba7a39cd2f899
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FB21CF31E50109EFDF00DFA4C948BEEB7B8EF40346F184459E801AB240E730AE28CBA4
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetWindowLongW.USER32(?,000000EC), ref: 0028280A
                                                                                                                                                                                                                                                            • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00282824
                                                                                                                                                                                                                                                            • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00282832
                                                                                                                                                                                                                                                            • SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 00282840
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Window$Long$AttributesLayered
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 2169480361-0
                                                                                                                                                                                                                                                            • Opcode ID: 118cc0d48a94a1cc6cce780f50ca6c3ed91c41831141ce3582ee81967b36b365
                                                                                                                                                                                                                                                            • Instruction ID: dc3ae217b33fa5c9a1cca4ee74ad85cb2bcb8fd8acb38f83ec4ac9a038696f99
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 118cc0d48a94a1cc6cce780f50ca6c3ed91c41831141ce3582ee81967b36b365
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2F21F439216111EFDB14AB24D844F6AB795EF45324F248158F4168B6E2C775FC46CBA0
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 00258D7D: lstrlenW.KERNEL32(?,00000002,000000FF,?,?,?,0025790A,?,000000FF,?,00258754,00000000,?,0000001C,?,?), ref: 00258D8C
                                                                                                                                                                                                                                                              • Part of subcall function 00258D7D: lstrcpyW.KERNEL32(00000000,?,?,0025790A,?,000000FF,?,00258754,00000000,?,0000001C,?,?,00000000), ref: 00258DB2
                                                                                                                                                                                                                                                              • Part of subcall function 00258D7D: lstrcmpiW.KERNEL32(00000000,?,0025790A,?,000000FF,?,00258754,00000000,?,0000001C,?,?), ref: 00258DE3
                                                                                                                                                                                                                                                            • lstrlenW.KERNEL32(?,00000002,000000FF,?,000000FF,?,00258754,00000000,?,0000001C,?,?,00000000), ref: 00257923
                                                                                                                                                                                                                                                            • lstrcpyW.KERNEL32(00000000,?,?,00258754,00000000,?,0000001C,?,?,00000000), ref: 00257949
                                                                                                                                                                                                                                                            • lstrcmpiW.KERNEL32(00000002,cdecl,?,00258754,00000000,?,0000001C,?,?,00000000), ref: 00257984
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: lstrcmpilstrcpylstrlen
                                                                                                                                                                                                                                                            • String ID: cdecl
                                                                                                                                                                                                                                                            • API String ID: 4031866154-3896280584
                                                                                                                                                                                                                                                            • Opcode ID: bf53366beb1f7af832cfe85e98342ed559ace1cdb703e0453a2a5a0af12e92a5
                                                                                                                                                                                                                                                            • Instruction ID: 941a96beb5c79252ee05e97102cfa4796e7f55c9cf4fbe5ff79c19c780a444a5
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: bf53366beb1f7af832cfe85e98342ed559ace1cdb703e0453a2a5a0af12e92a5
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BE11293A211342ABCB159F39E848E7A77E5FF85351B10402AFC06C72A4EB719825C775
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 00287D0B
                                                                                                                                                                                                                                                            • SetWindowLongW.USER32(00000000,000000F0,?), ref: 00287D2A
                                                                                                                                                                                                                                                            • SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 00287D42
                                                                                                                                                                                                                                                            • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,0026B7AD,00000000), ref: 00287D6B
                                                                                                                                                                                                                                                              • Part of subcall function 00209BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00209BB2
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Window$Long
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 847901565-0
                                                                                                                                                                                                                                                            • Opcode ID: 46b4127a93661c05538ac18cf66365972578e83f4390243ff030f54fe6977fe4
                                                                                                                                                                                                                                                            • Instruction ID: 785a66e500bc6968de55c38c9b9786baf0496402068b7e1b0804d4eaefa0dcf1
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 46b4127a93661c05538ac18cf66365972578e83f4390243ff030f54fe6977fe4
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7E11603A526615AFCB10AF28DC08E663BA5AF463A0B358724F835D72F1E730D961DB50
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001060,?,00000004), ref: 002856BB
                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 002856CD
                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 002856D8
                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001002,00000000,?), ref: 00285816
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: MessageSend_wcslen
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 455545452-0
                                                                                                                                                                                                                                                            • Opcode ID: 6ff78d5fdad98a0a6a7be5ec4a6a119a1a7863229d9f392af3a331f68052f108
                                                                                                                                                                                                                                                            • Instruction ID: fed95dc44ce5c1fdc861889cf8ecf330e2efab94c843ff311be6d21814ced427
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6ff78d5fdad98a0a6a7be5ec4a6a119a1a7863229d9f392af3a331f68052f108
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1C11E43963262596DF20AF618C85AEE77ACBF11361B104126F915D60C1E7B0C9A4CFA0
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
• Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                            • Opcode ID: 7909b7d4ef1fd1633cbe70261d4c5cd53d8bf6d19c4374c1bcfca79342f112e8
                                                                                                                                                                                                                                                            • Instruction ID: 272a4c8f400c36b753a20ab0e53c173430a2844159d9d030d21a7a9526ccf0c1
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7909b7d4ef1fd1633cbe70261d4c5cd53d8bf6d19c4374c1bcfca79342f112e8
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6101A2B222562ABEF7212AF87CC4F67661CDF557B8B300325F521511D2DB718C718570
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,000000B0,?,?), ref: 00251A47
                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00251A59
                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00251A6F
                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00251A8A
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: MessageSend
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3850602802-0
                                                                                                                                                                                                                                                            • Opcode ID: 3784fe69665accdbe515429b9673d419714ab63f39fb812b10ff095e844f0c97
                                                                                                                                                                                                                                                            • Instruction ID: a210db42136d59236ee386ecf5a711751a0aa73d1e20ff9aa8733b5ce2577279
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3784fe69665accdbe515429b9673d419714ab63f39fb812b10ff095e844f0c97
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C1110C3AD01219FFEB11DBA5CD85FADBB78EF04750F200091EA04B7294D6716E60DB94
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 0025E1FD
                                                                                                                                                                                                                                                            • MessageBoxW.USER32(?,?,?,?), ref: 0025E230
                                                                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 0025E246
                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 0025E24D
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CloseCurrentHandleMessageObjectSingleThreadWait
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 2880819207-0
                                                                                                                                                                                                                                                            • Opcode ID: f20acd9644e724c11fe30842424fbd8ba9866cea96f03749dda0321e055f06e3
                                                                                                                                                                                                                                                            • Instruction ID: 3d512cb6f280cb9f106582e16d607489a7cc3a6e48dc937ac180d1b59524ee3c
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f20acd9644e724c11fe30842424fbd8ba9866cea96f03749dda0321e055f06e3
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4511E576914254ABCB059FA8BC0DE9A7BAC9B46325F104255FC24D3296D7B08E1487A0
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,?,0021CFF9,00000000,00000004,00000000), ref: 0021D218
                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 0021D224
                                                                                                                                                                                                                                                            • __dosmaperr.LIBCMT ref: 0021D22B
                                                                                                                                                                                                                                                            • ResumeThread.KERNEL32(00000000), ref: 0021D249
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Thread$CreateErrorLastResume__dosmaperr
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 173952441-0
                                                                                                                                                                                                                                                            • Opcode ID: e00212c76dea56315c0d778bef1adb7406fee0a0a5f4ca37d688b1edce564adb
                                                                                                                                                                                                                                                            • Instruction ID: c270fe1af93b75d82364ccb603450e89a13484bf0a05bfd0e43d9cddd6f204b7
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e00212c76dea56315c0d778bef1adb7406fee0a0a5f4ca37d688b1edce564adb
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FE012636425204FBC7115FA5EC09BEB7BA9DFA1330F200219FC35920D1CB7188A1CBA0
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 001F604C
                                                                                                                                                                                                                                                            • GetStockObject.GDI32(00000011), ref: 001F6060
                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000030,00000000), ref: 001F606A
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CreateMessageObjectSendStockWindow
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3970641297-0
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • ___BuildCatchObject.LIBVCRUNTIME ref: 00213B56
                                                                                                                                                                                                                                                              • Part of subcall function 00213AA3: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 00213AD2
                                                                                                                                                                                                                                                              • Part of subcall function 00213AA3: ___AdjustPointer.LIBCMT ref: 00213AED
                                                                                                                                                                                                                                                            • _UnwindNestedFrames.LIBCMT ref: 00213B6B
                                                                                                                                                                                                                                                            • __FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 00213B7C
                                                                                                                                                                                                                                                            • CallCatchBlock.LIBVCRUNTIME ref: 00213BA4
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 737400349-0
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,001F13C6,00000000,00000000,?,0022301A,001F13C6,00000000,00000000,00000000,?,0022328B,00000006,FlsSetValue), ref: 002230A5
                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,0022301A,001F13C6,00000000,00000000,00000000,?,0022328B,00000006,FlsSetValue,00292290,FlsSetValue,00000000,00000364,?,00222E46), ref: 002230B1
                                                                                                                                                                                                                                                            • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,0022301A,001F13C6,00000000,00000000,00000000,?,0022328B,00000006,FlsSetValue,00292290,FlsSetValue,00000000), ref: 002230BF
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3177248105-0
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetModuleFileNameW.KERNEL32(?,?,00000104,00000000), ref: 0025747F
                                                                                                                                                                                                                                                            • LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 00257497
                                                                                                                                                                                                                                                            • RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 002574AC
                                                                                                                                                                                                                                                            • RegisterTypeLibForUser.OLEAUT32(?,?,00000000), ref: 002574CA
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Type$Register$FileLoadModuleNameUser
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 1352324309-0
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,0025ACD3,?,00008000), ref: 0025B0C4
                                                                                                                                                                                                                                                            • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,0025ACD3,?,00008000), ref: 0025B0E9
                                                                                                                                                                                                                                                            • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,0025ACD3,?,00008000), ref: 0025B0F3
                                                                                                                                                                                                                                                            • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,0025ACD3,?,00008000), ref: 0025B126
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CounterPerformanceQuerySleep
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 2875609808-0
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetWindowRect.USER32(?,?), ref: 00287E33
                                                                                                                                                                                                                                                            • ScreenToClient.USER32(?,?), ref: 00287E4B
                                                                                                                                                                                                                                                            • ScreenToClient.USER32(?,?), ref: 00287E6F
                                                                                                                                                                                                                                                            • InvalidateRect.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00287E8A
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: ClientRectScreen$InvalidateWindow
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 357397906-0
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00252DC5
                                                                                                                                                                                                                                                            • GetWindowThreadProcessId.USER32(?,00000000), ref: 00252DD6
                                                                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 00252DDD
                                                                                                                                                                                                                                                            • AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00252DE4
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 2710830443-0
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 00209639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00209693
                                                                                                                                                                                                                                                              • Part of subcall function 00209639: SelectObject.GDI32(?,00000000), ref: 002096A2
                                                                                                                                                                                                                                                              • Part of subcall function 00209639: BeginPath.GDI32(?), ref: 002096B9
                                                                                                                                                                                                                                                              • Part of subcall function 00209639: SelectObject.GDI32(?,00000000), ref: 002096E2
                                                                                                                                                                                                                                                            • MoveToEx.GDI32(?,00000000,00000000,00000000), ref: 00288887
                                                                                                                                                                                                                                                            • LineTo.GDI32(?,?,?), ref: 00288894
                                                                                                                                                                                                                                                            • EndPath.GDI32(?), ref: 002888A4
                                                                                                                                                                                                                                                            • StrokePath.GDI32(?), ref: 002888B2
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 1539411459-0
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetSysColor.USER32(00000008), ref: 002098CC
                                                                                                                                                                                                                                                            • SetTextColor.GDI32(?,?), ref: 002098D6
                                                                                                                                                                                                                                                            • SetBkMode.GDI32(?,00000001), ref: 002098E9
                                                                                                                                                                                                                                                            • GetStockObject.GDI32(00000005), ref: 002098F1
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Color$ModeObjectStockText
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 4037423528-0
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetCurrentThread.KERNEL32 ref: 00251634
                                                                                                                                                                                                                                                            • OpenThreadToken.ADVAPI32(00000000,?,?,?,002511D9), ref: 0025163B
                                                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(00000028,?,?,?,?,002511D9), ref: 00251648
                                                                                                                                                                                                                                                            • OpenProcessToken.ADVAPI32(00000000,?,?,?,002511D9), ref: 0025164F
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CurrentOpenProcessThreadToken
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3974789173-0
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetDesktopWindow.USER32 ref: 0024D858
                                                                                                                                                                                                                                                            • GetDC.USER32(00000000), ref: 0024D862
                                                                                                                                                                                                                                                            • GetDeviceCaps.GDI32(00000000,0000000C), ref: 0024D882
                                                                                                                                                                                                                                                            • ReleaseDC.USER32(?), ref: 0024D8A3
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 2889604237-0
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetDesktopWindow.USER32 ref: 0024D86C
                                                                                                                                                                                                                                                            • GetDC.USER32(00000000), ref: 0024D876
                                                                                                                                                                                                                                                            • GetDeviceCaps.GDI32(00000000,0000000C), ref: 0024D882
                                                                                                                                                                                                                                                            • ReleaseDC.USER32(?), ref: 0024D8A3
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 2889604237-0
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 001F7620: _wcslen.LIBCMT ref: 001F7625
                                                                                                                                                                                                                                                            • WNetUseConnectionW.MPR(00000000,?,0000002A,00000000,?,?,0000002A,?), ref: 00264ED4
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Connection_wcslen
                                                                                                                                                                                                                                                            • String ID: *$LPT
                                                                                                                                                                                                                                                            • API String ID: 1725874428-3443410124
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • __startOneArgErrorHandling.LIBCMT ref: 0021E30D
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: ErrorHandling__start
                                                                                                                                                                                                                                                            • String ID: pow
                                                                                                                                                                                                                                                            • API String ID: 3213639722-2276729525
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • CharUpperBuffW.USER32(0024569E,00000000,?,0028CC08,?,00000000,00000000), ref: 002778DD
                                                                                                                                                                                                                                                              • Part of subcall function 001F6B57: _wcslen.LIBCMT ref: 001F6B6A
                                                                                                                                                                                                                                                            • CharUpperBuffW.USER32(0024569E,00000000,?,0028CC08,00000000,?,00000000,00000000), ref: 0027783B
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
• Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: BuffCharUpper$_wcslen
                                                                                                                                                                                                                                                            • String ID: <s+
                                                                                                                                                                                                                                                            • API String ID: 3544283678-2057180819
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
• Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID: #
                                                                                                                                                                                                                                                            • API String ID: 0-1885708031
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • Sleep.KERNEL32(00000000), ref: 0020F2A2
                                                                                                                                                                                                                                                            • GlobalMemoryStatusEx.KERNEL32(?), ref: 0020F2BB
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
• Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: GlobalMemorySleepStatus
                                                                                                                                                                                                                                                            • String ID: @
                                                                                                                                                                                                                                                            • API String ID: 2783356886-2766056989
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • CharUpperBuffW.USER32(?,?,?,00000003,?,?), ref: 002757E0
                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 002757EC
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
• Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: BuffCharUpper_wcslen
                                                                                                                                                                                                                                                            • String ID: CALLARGARRAY
                                                                                                                                                                                                                                                            • API String ID: 157775604-1150593374
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 0026D130
                                                                                                                                                                                                                                                            • InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 0026D13A
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
• Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CrackInternet_wcslen
                                                                                                                                                                                                                                                            • String ID: |
                                                                                                                                                                                                                                                            • API String ID: 596671847-2343686810
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • DestroyWindow.USER32(?,?,?,?), ref: 00283621
                                                                                                                                                                                                                                                            • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 0028365C
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Window$DestroyMove
                                                                                                                                                                                                                                                            • String ID: static
                                                                                                                                                                                                                                                            • API String ID: 2139405536-2160076837
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000027,00001132,00000000,?), ref: 0028461F
                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00284634
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: MessageSend
                                                                                                                                                                                                                                                            • String ID: '
                                                                                                                                                                                                                                                            • API String ID: 3850602802-1997036262
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 0028327C
                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00283287
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: MessageSend
                                                                                                                                                                                                                                                            • String ID: Combobox
                                                                                                                                                                                                                                                            • API String ID: 3850602802-2096851135
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 001F600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 001F604C
                                                                                                                                                                                                                                                              • Part of subcall function 001F600E: GetStockObject.GDI32(00000011), ref: 001F6060
                                                                                                                                                                                                                                                              • Part of subcall function 001F600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 001F606A
                                                                                                                                                                                                                                                            • GetWindowRect.USER32(00000000,?), ref: 0028377A
                                                                                                                                                                                                                                                            • GetSysColor.USER32(00000012), ref: 00283794
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Window$ColorCreateMessageObjectRectSendStock
                                                                                                                                                                                                                                                            • String ID: static
                                                                                                                                                                                                                                                            • API String ID: 1983116058-2160076837
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 0026CD7D
                                                                                                                                                                                                                                                            • InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 0026CDA6
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Internet$OpenOption
                                                                                                                                                                                                                                                            • String ID: <local>
                                                                                                                                                                                                                                                            • API String ID: 942729171-4266983199
                                                                                                                                                                                                                                                            • Opcode ID: e9798f595a884257dd6c19c188ea687e4b82a8cc5deeacf02c61535ef0f27759
                                                                                                                                                                                                                                                            • Instruction ID: 1997f16d2829904aa5f581d25b1a2394943d146f95a0603116b253444ec7386b
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e9798f595a884257dd6c19c188ea687e4b82a8cc5deeacf02c61535ef0f27759
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7311C6752256327AD7386F668C49FF7BE6CEF127A4F204236B18983080D77498A4D6F0
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetWindowTextLengthW.USER32(00000000), ref: 002834AB
                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 002834BA
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
• Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: LengthMessageSendTextWindow
                                                                                                                                                                                                                                                            • String ID: edit
                                                                                                                                                                                                                                                            • API String ID: 2978978980-2167791130
                                                                                                                                                                                                                                                            • Opcode ID: 3ff7482d20dd12ae895e4c519668520da8380b5fa46ee145c1a20a22c6fd4536
                                                                                                                                                                                                                                                            • Instruction ID: ca18d9ffcf2c7df5e7bb6000087b5a99768438f38e4a6ca543a7e4f0077d988b
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3ff7482d20dd12ae895e4c519668520da8380b5fa46ee145c1a20a22c6fd4536
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1F11BF79122109ABEF11AE64EC44EBB376AEF05B74F604324F965931D0C771EC619B60
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 001F9CB3: _wcslen.LIBCMT ref: 001F9CBD
                                                                                                                                                                                                                                                            • CharUpperBuffW.USER32(?,?,?), ref: 00256CB6
                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00256CC2
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
• Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: _wcslen$BuffCharUpper
                                                                                                                                                                                                                                                            • String ID: STOP
                                                                                                                                                                                                                                                            • API String ID: 1256254125-2411985666
                                                                                                                                                                                                                                                            • Opcode ID: fe185a8a355d09ae019e01468878b423bf59f4ec93d00139ec5229c360aa73bc
                                                                                                                                                                                                                                                            • Instruction ID: 0621368d5fb67c9898d53adf3fe23bb9a6cdf82a0db1a751cd5e4f204c2ab560
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: fe185a8a355d09ae019e01468878b423bf59f4ec93d00139ec5229c360aa73bc
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: ED01043262052B8ACB21AFFDDC889BF73B4EE617227900925EC5297190FB31D828C654
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 001F9CB3: _wcslen.LIBCMT ref: 001F9CBD
                                                                                                                                                                                                                                                              • Part of subcall function 00253CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00253CCA
                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,000001A2,000000FF,?), ref: 00251D4C
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
• Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                            • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                            • API String ID: 624084870-1403004172
                                                                                                                                                                                                                                                            • Opcode ID: 0eccc5f005573e83815729ed9b7decbab36405d81de898636c9af4be5f1a3ada
                                                                                                                                                                                                                                                            • Instruction ID: b5d293dc0dca62e984ad919edd5e3b16a735aeb7a824694d72eb330a3646e894
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0eccc5f005573e83815729ed9b7decbab36405d81de898636c9af4be5f1a3ada
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0D012831622228AB8B08FFA0CC11EFE7378FF56391B04051AFC225B2C1EB71592C8760
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 001F9CB3: _wcslen.LIBCMT ref: 001F9CBD
                                                                                                                                                                                                                                                              • Part of subcall function 00253CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00253CCA
                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000180,00000000,?), ref: 00251C46
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
• Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                            • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                            • API String ID: 624084870-1403004172
                                                                                                                                                                                                                                                            • Opcode ID: be844fe8f9836fcf552e0242796c80a8259e0bb786873dc70ee62e86ffd5992e
                                                                                                                                                                                                                                                            • Instruction ID: ce9c095a1fd1e0bad458726f9da35da0199e219528142763752fc963070d77f3
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: be844fe8f9836fcf552e0242796c80a8259e0bb786873dc70ee62e86ffd5992e
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7901F7756A110866CB08FF90C951BFF77A89F22382F14001AED0667281EB319E3CC6B6
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 001F9CB3: _wcslen.LIBCMT ref: 001F9CBD
                                                                                                                                                                                                                                                              • Part of subcall function 00253CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00253CCA
                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000182,?,00000000), ref: 00251CC8
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
• Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                            • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                            • API String ID: 624084870-1403004172
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • __Init_thread_footer.LIBCMT ref: 0020A529
                                                                                                                                                                                                                                                              • Part of subcall function 001F9CB3: _wcslen.LIBCMT ref: 001F9CBD
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Init_thread_footer_wcslen
                                                                                                                                                                                                                                                            • String ID: ,%,$3y$
                                                                                                                                                                                                                                                            • API String ID: 2551934079-228761560
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 001F9CB3: _wcslen.LIBCMT ref: 001F9CBD
                                                                                                                                                                                                                                                              • Part of subcall function 00253CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00253CCA
                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000018B,00000000,00000000), ref: 00251DD3
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                            • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                            • API String ID: 624084870-1403004172
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,002C3018,002C305C), ref: 002881BF
                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32 ref: 002881D1
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CloseCreateHandleProcess
                                                                                                                                                                                                                                                            • String ID: \0,
                                                                                                                                                                                                                                                            • API String ID: 3712363035-2004440278
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: _wcslen
                                                                                                                                                                                                                                                            • String ID: 3, 3, 16, 1
                                                                                                                                                                                                                                                            • API String ID: 176396367-3042988571
APIs
• MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 00250B23
Strings
Memory Dump Source
• Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
• Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_1f0000_file.jbxd
Similarity
• API ID: Message
• String ID: AutoIt$Error allocating memory.
• API String ID: 2030045667-4017498283
APIs
  • Part of subcall function 0020F7C9: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,00210D71,?,?,?,001F100A), ref: 0020F7CE
• IsDebuggerPresent.KERNEL32(?,?,?,001F100A), ref: 00210D75
• OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,001F100A), ref: 00210D84
Strings
• ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00210D7F
Memory Dump Source
• Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
• Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_1f0000_file.jbxd
Similarity
• API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString
• String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
• API String ID: 55579361-631824599
APIs
• __Init_thread_footer.LIBCMT ref: 0020E3D5
Strings
Memory Dump Source
• Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
• Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_1f0000_file.jbxd
Similarity
• API ID: Init_thread_footer
• String ID: 0%,$8%,
• API String ID: 1385522511-3109821673
APIs
• GetTempPathW.KERNEL32(00000104,?,00000001), ref: 0026302F
• GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 00263044
Strings
Memory Dump Source
• Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
• Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_1f0000_file.jbxd
Similarity
• API ID: Temp$FileNamePath
• String ID: aut
• API String ID: 3285503233-3010740371
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
• Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_1f0000_file.jbxd
Similarity
• API ID: LocalTime
• String ID: %.3d$X64
• API String ID: 481472006-1077770165
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0028232C
                                                                                                                                                                                                                                                            • PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 0028233F
                                                                                                                                                                                                                                                              • Part of subcall function 0025E97B: Sleep.KERNEL32 ref: 0025E9F3
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2842954627.00000000001F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2842924233.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.000000000028C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843131967.00000000002B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843375107.00000000002BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2843414999.00000000002C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1f0000_file.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: FindMessagePostSleepWindow
                                                                                                                                                                                                                                                            • String ID: Shell_TrayWnd
                                                                                                                                                                                                                                                            • API String ID: 529655941-2988720461
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0028236C
                                                                                                                                                                                                                                                            • PostMessageW.USER32(00000000), ref: 00282373
                                                                                                                                                                                                                                                              • Part of subcall function 0025E97B: Sleep.KERNEL32 ref: 0025E9F3
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: FindMessagePostSleepWindow
                                                                                                                                                                                                                                                            • String ID: Shell_TrayWnd
                                                                                                                                                                                                                                                            • API String ID: 529655941-2988720461
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(?,00000009,?,00000000,00000000,?,?,?,00000000,?,?,?,?,?,00000000,?), ref: 0022BE93
                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 0022BEA1
                                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 0022BEFC
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: ByteCharMultiWide$ErrorLast
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 1717984340-0