Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1540486
MD5: 46686bc4d44f9895b418d26ddfae6ad2
SHA1: 02085f499a4d5d6ce5b951e734f50460b8620aff
SHA256: 29b8dd6eca8c2ab49050c72c74b7381ff3639c3c7beea308b503a23e08c55819
Tags: exe, user-Bitsight
Infos:

Detection

Credential Flusher
Score: 72
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected Credential Flusher
AI detected suspicious sample
Binary is likely a compiled AutoIt script file
Found API chain indicative of sandbox detection
Machine Learning detection for sample
Connects to many different domains
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
OS version to string mapping found (often used in BOTs)
PE file contains sections with non-standard names
Potential key logger detected (key state polling based)
Sample execution stops while process was sleeping (likely an evasion)
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Uses taskkill to terminate processes

Classification

  • System is w10x64
  • file.exe (PID: 7312 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 46686BC4D44F9895B418D26DDFAE6AD2)
    • taskkill.exe (PID: 7328 cmdline: taskkill /F /IM firefox.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 7336 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 7432 cmdline: taskkill /F /IM chrome.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 7440 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 7488 cmdline: taskkill /F /IM msedge.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 7496 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 7552 cmdline: taskkill /F /IM opera.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 7560 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 7624 cmdline: taskkill /F /IM brave.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 7632 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • firefox.exe (PID: 7692 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • firefox.exe (PID: 7728 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
    • firefox.exe (PID: 7744 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 7984 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2280 -parentBuildID 20230927232528 -prefsHandle 2224 -prefMapHandle 2216 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9e5c25c4-3757-459e-b4ac-58f736293a5e} 7744 "\\.\pipe\gecko-crash-server-pipe.7744" 22a0da6d710 socket MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 7304 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3988 -parentBuildID 20230927232528 -prefsHandle 2784 -prefMapHandle 2968 -prefsLen 26374 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7a67afcd-37bf-4c91-a883-2013733a1af7} 7744 "\\.\pipe\gecko-crash-server-pipe.7744" 22a0da7aa10 rdd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 2536 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5104 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5180 -prefMapHandle 1540 -prefsLen 31144 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {88aee006-b1dd-409e-9761-e4998fb38d01} 7744 "\\.\pipe\gecko-crash-server-pipe.7744" 22a1f275f10 utility MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
Process Memory Space: file.exe PID: 7312 | JoeSecurity_CredentialFlusher | Yara detected Credential Flusher | Joe Security |
    No Sigma rule has matched
    No Suricata rule has matched

    AV Detection

    Source: file.exe | ReversingLabs: Detection: 47%
    Source: Submitted Sample | Integrated Neural Analysis Model: Matched 99.2% probability
    Source: file.exe | Joe Sandbox ML: detected
    Source: file.exe | Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
    Source: Binary string: webauthn.pdb source: firefox.exe, 0000000D.00000003.1842469518.0000022A1D0DF000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: gmpopenh264.dll.tmp.13.dr
    Source: Binary string: wshbth.pdbGCTL source: firefox.exe, 0000000D.00000003.1861342674.0000022A1D0ED000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1861020484.0000022A1D0DD000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: wshbth.pdb source: firefox.exe, 0000000D.00000003.1861342674.0000022A1D0ED000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1861020484.0000022A1D0DD000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: pnrpnsp.pdb source: firefox.exe, 0000000D.00000003.1860621448.0000022A1D0E3000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: netprofm.pdb source: firefox.exe, 0000000D.00000003.1856393020.0000022A1D07D000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: gmpopenh264.dll.tmp.13.dr
    Source: Binary string: webauthn.pdbGCTL source: firefox.exe, 0000000D.00000003.1842469518.0000022A1D0DF000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: pnrpnsp.pdbUGP source: firefox.exe, 0000000D.00000003.1860621448.0000022A1D0E3000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: netprofm.pdbUGP source: firefox.exe, 0000000D.00000003.1856393020.0000022A1D07D000.00000004.00000020.00020000.00000000.sdmp
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00ECDBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_00ECDBBE
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00ED68EE FindFirstFileW,FindClose,0_2_00ED68EE
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00ED698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_00ED698F
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00ECD076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_00ECD076
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00ECD3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_00ECD3A9
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00ED9642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00ED9642
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00ED979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00ED979D
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00ED9B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_00ED9B2B
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00ED5C97 FindFirstFileW,FindNextFileW,FindClose,0_2_00ED5C97
    Source: firefox.exe | Memory has grown: Private usage: 1MB later: 206MB
    Source: unknown | Network traffic detected: DNS query count 31
    Source: Joe Sandbox View | IP Address: 34.149.100.209
    Source: Joe Sandbox View | IP Address: 34.117.188.166
    Source: Joe Sandbox View | IP Address: 151.101.193.91
    Source: Joe Sandbox View | IP Address: 34.160.144.191
    Source: Joe Sandbox View | JA3 fingerprint: fb0aa01abe9d8e4037eb3473ca6e2dca
    Source: unknown | TCP traffic detected without corresponding DNS query: 142.250.113.100
    Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00EDCE44 InternetReadFile,SetEvent,GetLastError,SetEvent,0_2_00EDCE44
    Source: global traffic | HTTP traffic detected:
        GET /canonical.html HTTP/1.1
        Host: detectportal.firefox.com
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
        Accept: */*
        Accept-Language: en-US,en;q=0.5
        Accept-Encoding: gzip, deflate
        Cache-Control: no-cache
        Pragma: no-cache
        Connection: keep-alive
    Source: global traffic | HTTP traffic detected:
        GET /success.txt?ipv4 HTTP/1.1
        Host: detectportal.firefox.com
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
        Accept: */*
        Accept-Language: en-US,en;q=0.5
        Accept-Encoding: gzip, deflate
        Connection: keep-alive
        Pragma: no-cache
        Cache-Control: no-cache
    Source: firefox.exe, 0000000D.00000003.1913200196.0000022A25DF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: x*://www.facebook.com/platform/impression.php* equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000D.00000003.1816835329.0000022A1F6B2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1820914240.0000022A27065000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=793869
    Source: firefox.exe, 0000000D.00000003.1816835329.0000022A1F6DC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=806991
    Source: firefox.exe, 0000000D.00000003.1815613753.0000022A26035000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1820914240.0000022A27065000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=809550
    Source: firefox.exe, 0000000D.00000003.1815613753.0000022A26062000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1815613753.0000022A26035000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=815437
    Source: firefox.exe, 0000000D.00000003.1820914240.0000022A27065000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=840161
    Source: firefox.exe, 0000000D.00000003.1815613753.0000022A26062000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=951422
    Source: firefox.exe, 0000000F.00000002.2966448976.000001B13D550000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2964322665.0000022902DB0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2970493907.00000212CA660000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-f
    Source: firefox.exe, 0000000D.00000003.1753210691.0000022A1D577000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1752694283.0000022A1D51F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1753038667.0000022A1D55A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1752480109.0000022A1D300000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1752879908.0000022A1D53C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://completion.amazon.com/search/complete?q=
    Source: firefox.exe, 0000000F.00000002.2966448976.000001B13D550000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2964322665.0000022902DB0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2970493907.00000212CA660000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://content.cdn.mozilla.net
    Source: firefox.exe, 0000000F.00000002.2967276793.000001B13D6E4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2965385110.00000229030F0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2965093867.00000212CA5C7000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.13.drString found in binary or memory: https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg
    Source: firefox.exe, 0000000F.00000002.2967276793.000001B13D6E4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2965385110.00000229030F0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2965093867.00000212CA5C7000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.13.drString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
    Source: firefox.exe, 0000000F.00000002.2966448976.000001B13D550000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2964322665.0000022902DB0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2970493907.00000212CA660000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://contile.services.mozilla.com/v1/tiles
    Source: firefox.exe, 0000000F.00000002.2966448976.000001B13D550000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2964322665.0000022902DB0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2970493907.00000212CA660000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://coverage.mozilla.org
    Source: firefox.exe, 0000000F.00000002.2966448976.000001B13D550000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2964322665.0000022902DB0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2970493907.00000212CA660000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://crash-stats.mozilla.org/report/index/
    Source: firefox.exe, 0000000D.00000003.1790029545.0000022A2594C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1862966223.0000022A2595C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1789607426.0000022A25952000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/993268
    Source: firefox.exe, 0000000F.00000002.2966448976.000001B13D550000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2964322665.0000022902DB0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2970493907.00000212CA660000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://dap-02.api.divviup.org
    Source: firefox.exe, 0000000D.00000003.1821291180.0000022A26096000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1810751731.0000022A25DDD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsIEffectiveTLDServi
    Source: firefox.exe, 0000000D.00000003.1790029545.0000022A2594C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1862966223.0000022A2595C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1789607426.0000022A25952000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/API/ElementCSSInlineStyle/style#setting_styles)
    Source: firefox.exe, 0000000D.00000003.1790029545.0000022A2594C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1862966223.0000022A2595C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1789607426.0000022A25952000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Statements/for-await...of
    Source: firefox.exe, 0000000D.00000003.1790029545.0000022A2594C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1862966223.0000022A2595C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1789607426.0000022A25952000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/Web_Components/Using_custom_elements#using_the_lifecycl
    Source: firefox.exe, 0000000F.00000002.2966448976.000001B13D550000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2964322665.0000022902DB0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2970493907.00000212CA660000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://developers.google.com/safe-browsing/v4/advisory
    Source: firefox.exe, 0000000D.00000003.1815613753.0000022A2604A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1753210691.0000022A1D577000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1913331075.0000022A25DA4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1912432270.0000022A25E0B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1752694283.0000022A1D51F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1870816883.0000022A2604A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1753038667.0000022A1D55A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1822151697.0000022A2604A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1950671599.0000022A25DBB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1752480109.0000022A1D300000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1752879908.0000022A1D53C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/
    Source: firefox.exe, 0000000D.00000003.1756139376.0000022A1CD2F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1897337799.0000022A1CD39000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1897670213.0000022A1CD39000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1755999924.0000022A1CD12000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1754818987.0000022A1CD33000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%s
    Source: firefox.exe, 0000000D.00000003.1756139376.0000022A1CD2F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1897337799.0000022A1CD39000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1897670213.0000022A1CD39000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1755999924.0000022A1CD12000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1754818987.0000022A1CD33000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://email.seznam.cz/newMessageScreen?mailto=%s
    Source: firefox.exe, 00000010.00000002.2965385110.000002290305F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2965385110.0000022903012000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2965093867.00000212CA513000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-api-proxy.cdn.mozilla.net/
    Source: firefox.exe, 0000000D.00000003.1804785197.0000022A25F5D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1805739500.0000022A25E1C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1805739500.0000022A25E18000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/673d2808-e5d8-41b9-957
    Source: firefox.exe, 0000000D.00000003.1806364630.0000022A26004000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1804785197.0000022A25F46000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1805739500.0000022A25E1C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/706c7a85-cf23-442e-8a9
    Source: firefox.exe, 0000000D.00000003.1804785197.0000022A25F5D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1806068065.0000022A25DEC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1805739500.0000022A25E18000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/d8e772fe-4909-4f05-9f9
    Source: firefox.exe, 0000000D.00000003.1796308801.0000022A1F0B3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1805668410.0000022A25E45000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/f0f51715-7f5e-48de-839
    Source: firefox.exe, 0000000F.00000002.2966448976.000001B13D550000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2964322665.0000022902DB0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2970493907.00000212CA660000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://firefox-source-docs.mozilla.org/networking/dns/trr-skip-reasons.html#
    Source: firefox.exe, 0000000D.00000003.1948339088.0000022A27683000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1904560019.0000022A27674000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com
    Source: firefox.exe, 0000000D.00000003.1904560019.0000022A2766D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com/
    Source: firefox.exe, 0000000D.00000003.1912432270.0000022A25E55000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/
    Source: firefox.exe, 0000000F.00000002.2966448976.000001B13D550000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2964322665.0000022902DB0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2970493907.00000212CA660000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://fpn.firefox.com/browser?utm_source=firefox-desktop&utm_medium=referral&utm_campaign=about-pr
    Source: firefox.exe, 0000000F.00000002.2966448976.000001B13D550000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2964322665.0000022902DB0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2970493907.00000212CA660000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://ftp.mozilla.org/pub/labs/devtools/adb-extension/#OS#/adb-extension-latest-#OS#.xpi
    Source: firefox.exe, 00000010.00000002.2965385110.000002290305F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2965385110.0000022903012000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2965093867.00000212CA513000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/
    Source: firefox.exe, 00000011.00000002.2965093867.00000212CA5C7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=
    Source: firefox.exe, 00000011.00000002.2965093867.00000212CA5C7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/trending-topics?version=2&consumer_key=$apiKey&locale_l
    Source: firefox.exe, 0000000D.00000003.1959091442.0000022A2570E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2965385110.000002290305F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2965385110.000002290302F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2965093867.00000212CA530000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=bas
    Source: firefox.exe, 00000011.00000002.2965093867.00000212CA5C7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tab
    Source: firefox.exe, 0000000D.00000003.1926017743.0000022A257F3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1941025480.0000022A257F3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1914188210.0000022A257F3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1937260867.0000022A257F3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tabL
    Source: firefox.exe, 0000000D.00000003.1952849989.0000022A1FD96000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/firefox/new_tab_learn_more
    Source: firefox.exe, 00000011.00000002.2965093867.00000212CA5C7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/recommendations
    Source: firefox.exe, 0000000D.00000003.1926017743.0000022A257F3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1941025480.0000022A257F3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1914188210.0000022A257F3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1937260867.0000022A257F3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/recommendationsS
    Source: firefox.exe, 0000000D.00000003.1926017743.0000022A257F3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1941025480.0000022A257F3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1914188210.0000022A257F3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1937260867.0000022A257F3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/recommendationsS7
    Source: firefox.exe, 0000000D.00000003.1926017743.0000022A257F3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1941025480.0000022A257F3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1914188210.0000022A257F3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1937260867.0000022A257F3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=basic
    Source: firefox.exe, 0000000D.00000003.1790029545.0000022A2594C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1862966223.0000022A2595C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1789607426.0000022A25952000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/google/closure-compiler/issues/3177
    Source: firefox.exe, 0000000D.00000003.1862966223.0000022A2593B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1790644667.0000022A2593B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/lit/lit/blob/main/packages/reactive-element/src/decorators/query-all.ts
    Source: firefox.exe, 0000000D.00000003.1862966223.0000022A2593B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1790644667.0000022A2593B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/lit/lit/blob/main/packages/reactive-element/src/decorators/query.ts
    Source: firefox.exe, 0000000D.00000003.1790029545.0000022A2594C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1862966223.0000022A2595C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1789607426.0000022A25952000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/lit/lit/issues/1266
    Source: firefox.exe, 0000000D.00000003.1790029545.0000022A2594C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1862966223.0000022A2595C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1789607426.0000022A25952000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/microsoft/TypeScript/issues/338).
    Source: firefox.exe, 0000000D.00000003.1753210691.0000022A1D577000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1752694283.0000022A1D51F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1753038667.0000022A1D55A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1752480109.0000022A1D300000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1752879908.0000022A1D53C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mozilla-services/screenshots
    Source: firefox.exe, 0000000D.00000003.1918064296.0000022A21F14000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/uuidjs/uuid#getrandomvalues-not-supported
    Source: firefox.exe, 0000000D.00000003.1787643538.0000022A25805000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/w3c/csswg-drafts/blob/master/css-grid-2/MASONRY-EXPLAINER.md
    Source: firefox.exe, 0000000D.00000003.1787643538.0000022A25805000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/w3c/csswg-drafts/issues/4650
    Source: firefox.exe, 0000000D.00000003.1914277247.0000022A257A2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1951165715.0000022A257C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/zertosh/loose-envify)
    Source: firefox.exe, 0000000D.00000003.1787643538.0000022A25805000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://gpuweb.github.io/gpuweb/
    Source: firefox.exe, 0000000F.00000002.2966448976.000001B13D550000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2964322665.0000022902DB0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2970493907.00000212CA660000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://helper1.dap.cloudflareresearch.com/v02
    Source: firefox.exe, 0000000D.00000003.1885728018.0000022A222A5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1834354180.0000022A274CA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1833571108.0000022A274CA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1824170348.0000022A274BB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1827244548.0000022A274CA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1905543725.0000022A27613000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1841763209.0000022A222A5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ib.absa.co.za/
    Source: firefox.exe, 0000000F.00000002.2966448976.000001B13D550000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2964322665.0000022902DB0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2970493907.00000212CA660000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://ideas.mozilla.org/
    Source: firefox.exe, 0000000D.00000003.1938588582.0000022A1F2E9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://identity.mozilla.com/apps/oldsyncS
    Source: firefox.exe, 0000000D.00000003.1930524861.0000022A20065000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://identity.mozilla.com/apps/relay
    Source: firefox.exe, 0000000D.00000003.1938588582.0000022A1F2E9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://identity.mozilla.com/cmd/H
    Source: firefox.exe, 0000000D.00000003.1938588582.0000022A1F2E9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://identity.mozilla.com/cmd/HCX
    Source: firefox.exe, 0000000D.00000003.1938588582.0000022A1F2E9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://identity.mozilla.com/ids/ecosystem_telemetryU
    Source: firefox.exe, 0000000D.00000003.1938588582.0000022A1F2E9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://identity.mozilla.com/ids/ecosystem_telemetryUFj
    Source: prefs-1.js.13.drString found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi
    Source: firefox.exe, 0000000D.00000003.1917737256.0000022A21F5A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1958143685.0000022A258DC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2966448976.000001B13D550000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2964322665.0000022902DB0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2970493907.00000212CA660000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org
    Source: firefox.exe, 0000000D.00000003.1941388632.0000022A20EBC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1951526362.0000022A20EBC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2965385110.00000229030BC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2965093867.00000212CA5C7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit
    Source: firefox.exe, 0000000D.00000003.1948168423.0000022A1F293000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit/firefox-desktop/baseline/1/aeb6cdfa-4cb0-4804-b03a-d76
    Source: firefox.exe, 0000000D.00000003.1940562901.0000022A25C7A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit/firefox-desktop/events/1/73893032-5aef-4f8e-a6bb-7621f
    Source: firefox.exe, 0000000D.00000003.1912432270.0000022A25E55000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1829898945.0000022A275F8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit/firefox-desktop/metrics/1/839e50bc-0c30-4d9f-8d00-d463
    Source: firefox.exe, 0000000D.00000003.1912432270.0000022A25E55000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit/firefox-desktop/newtab/1/a4a69e47-2ae7-4ba2-be23-e8d70
    Source: firefox.exe, 0000000D.00000003.1948168423.0000022A1F293000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit/messaging-system/undesired-events/1/01d5b994-72b8-4eb6
    Source: firefox.exe, 00000011.00000002.2965093867.00000212CA5C7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit7h_
    Source: firefox.exe, 0000000D.00000003.1926017743.0000022A257F3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1941025480.0000022A257F3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1914188210.0000022A257F3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1937260867.0000022A257F3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submits
    Source: firefox.exe, 0000000D.00000003.1790029545.0000022A2594C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1862966223.0000022A2595C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1789607426.0000022A25952000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://infra.spec.whatwg.org/#ascii-whitespace
    Source: firefox.exe, 0000000D.00000003.1905923723.0000022A275F2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1952213062.0000022A20143000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/
    Source: firefox.exe, 0000000F.00000002.2967276793.000001B13D6E4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2965385110.00000229030F0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2965093867.00000212CA5C7000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.13.drString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94
    Source: firefox.exe, 0000000D.00000003.1815613753.0000022A2604A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1950671599.0000022A25DAA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1753210691.0000022A1D577000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1913331075.0000022A25DA4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1752694283.0000022A1D51F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1870816883.0000022A2604A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1753038667.0000022A1D55A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1822151697.0000022A2604A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1752480109.0000022A1D300000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1752879908.0000022A1D53C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/exec/obidos/external-search/
    Source: firefox.exe, 0000000D.00000003.1944242044.0000022A20130000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1952213062.0000022A20143000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.fr/
    Source: firefox.exe, 0000000D.00000003.1944242044.0000022A20130000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1952213062.0000022A20143000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.baidu.com/
    Source: firefox.exe, 0000000D.00000003.1944242044.0000022A20130000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1952213062.0000022A20143000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ctrip.com/
    Source: gmpopenh264.dll.tmp.13.drString found in binary or memory: https://www.digicert.com/CPS0
    Source: firefox.exe, 0000000D.00000003.1944242044.0000022A20130000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1952213062.0000022A20143000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ebay.co.uk/
    Source: firefox.exe, 0000000F.00000002.2967276793.000001B13D6E4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2965385110.00000229030F0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2965093867.00000212CA5C7000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.13.drString found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMARKETPLACE.GT-C-EN.HOTEL&SEMDTL=a1219
    Source: firefox.exe, 0000000D.00000003.1925702075.0000022A25829000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1952688481.0000022A1FDB5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1914023858.0000022A25829000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/
    Source: firefox.exe, 0000000D.00000003.1913607326.0000022A258CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1958143685.0000022A258CB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/complete/
    Source: firefox.exe, 0000000D.00000003.1790400714.0000022A259E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1791507371.0000022A259E9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/complete/search
    Source: firefox.exe, 0000000D.00000003.1753210691.0000022A1D577000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1752694283.0000022A1D51F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1753038667.0000022A1D55A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1752480109.0000022A1D300000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1752879908.0000022A1D53C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/complete/search?client=firefox&q=
    Source: firefox.exe, 0000000D.00000003.1815613753.0000022A2604A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1950671599.0000022A25DAA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1753210691.0000022A1D577000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1913331075.0000022A25DA4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1752694283.0000022A1D51F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1870816883.0000022A2604A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1753038667.0000022A1D55A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1822151697.0000022A2604A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1752480109.0000022A1D300000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1752879908.0000022A1D53C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search
    Source: firefox.exe, 0000000D.00000003.1905543725.0000022A27642000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search?client=firefox-b-d&q=
    Source: firefox.exe, 0000000F.00000002.2966448976.000001B13D550000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2964322665.0000022902DB0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2970493907.00000212CA660000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/geolocation/v1/geolocate?key=%GOOGLE_LOCATION_SERVICE_API_KEY%
    Source: firefox.exe, 0000000D.00000003.1932459452.0000022A2002D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1952688481.0000022A1FDAF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1914023858.0000022A25815000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org
    Source: firefox.exe, 0000000F.00000002.2966448976.000001B13D550000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2964322665.0000022902DB0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2970493907.00000212CA660000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/about/legal/terms/subscription-services/
    Source: firefox.exe, 00000011.00000002.2970493907.00000212CA660000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/releasenotes/?utm_source=firefox-browser&utm_medi
    Source: firefox.exe, 0000000F.00000002.2966448976.000001B13D550000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2964322665.0000022902DB0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2970493907.00000212CA660000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/tour/
    Source: firefox.exe, 0000000F.00000002.2966448976.000001B13D550000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2964322665.0000022902DB0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2970493907.00000212CA660000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/geolocation/
    Source: firefox.exe, 0000000F.00000002.2966448976.000001B13D550000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2964322665.0000022902DB0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2970493907.00000212CA660000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/new?reason=manual-update
    Source: firefox.exe, 0000000F.00000002.2966448976.000001B13D550000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2964322665.0000022902DB0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2970493907.00000212CA660000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/notes
    Source: firefox.exe, 0000000F.00000002.2966448976.000001B13D550000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2964322665.0000022902DB0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2970493907.00000212CA660000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/set-as-default/thanks/
    Source: firefox.exe, 0000000F.00000002.2966448976.000001B13D550000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2964322665.0000022902DB0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2970493907.00000212CA660000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/xr/
    Source: firefox.exe, 0000000F.00000002.2966448976.000001B13D550000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2964322665.0000022902DB0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2970493907.00000212CA660000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/privacy/subscription-services/
    Source: firefox.exe, 0000000D.00000003.1806364630.0000022A26004000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1804785197.0000022A25F46000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1805739500.0000022A25E1C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/legal/terms/mozilla/
    Source: firefox.exe, 0000000D.00000003.1952688481.0000022A1FDAF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/about/legal/terms/subscription-services/
    Source: firefox.exe, 0000000D.00000003.1918129695.0000022A20D5D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1945000359.0000022A20020000.00000004.00000800.00020000.00000000.sdmp, targeting.snapshot.json.tmp.13.drString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
    Source: firefox.exe, 0000000D.00000003.1952688481.0000022A1FDAF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/subscription-services/
    Source: firefox.exe, 0000000F.00000002.2966448976.000001B13D550000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2964322665.0000022902DB0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2970493907.00000212CA660000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/android/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
    Source: firefox.exe, 0000000F.00000002.2966448976.000001B13D550000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2964322665.0000022902DB0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2970493907.00000212CA660000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/ios/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campa
    Source: firefox.exe, 0000000F.00000002.2966448976.000001B13D550000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2964322665.0000022902DB0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2970493907.00000212CA660000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html
    Source: firefox.exe, 0000000F.00000002.2966448976.000001B13D550000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2964322665.0000022902DB0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2970493907.00000212CA660000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#crash-reporter
    Source: firefox.exe, 0000000F.00000002.2966448976.000001B13D550000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2964322665.0000022902DB0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2970493907.00000212CA660000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#health-report
    Source: firefox.exe, 00000011.00000002.2965093867.00000212CA5C7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/
    Source: firefox.exe, 0000000F.00000002.2966448976.000001B13D550000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2964322665.0000022902DB0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2970493907.00000212CA660000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
    Source: firefox.exe, 0000000D.00000003.1919581718.0000022A203AB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com
    Source: firefox.exe, 0000000D.00000003.1952688481.0000022A1FDB5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.olx.pl/
    Source: firefox.exe, 0000000D.00000003.1905923723.0000022A275F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.reddit.com/
    Source: firefox.exe, 0000000D.00000003.1916758481.0000022A21F6E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.reddit.com/C:
    Source: firefox.exe, 0000000D.00000003.1913331075.0000022A25DD0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1950671599.0000022A25DD0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.sling.com/
    Source: firefox.exe, 0000000D.00000003.1907924985.0000022A25F54000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2965385110.000002290300A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2965093867.00000212CA50C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
    Source: firefox.exe, 0000000D.00000003.1952688481.0000022A1FDB5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.zhihu.com/
    Source: firefox.exe, 0000000D.00000003.1933525272.0000022A1FCBE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://youtube.com
    Source: firefox.exe, 0000000D.00000003.1926474732.0000022A25724000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1913826483.0000022A2586A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1785957943.0000022A25888000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1940793683.0000022A2586A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/
    Source: recovery.jsonlz4.tmp.13.dr String found in binary or memory: https://youtube.com/account?=
    Source: firefox.exe, 00000011.00000002.2964326694.00000212CA4F0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/sig
    Source: firefox.exe, 0000000D.00000003.1940562901.0000022A25C7A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1841763209.0000022A222A5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2964190223.000001B13D260000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2964190223.000001B13D26A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2966686702.000001B13D5C4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2964582558.0000022902DFA000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2964582558.0000022902DF0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2970336986.0000022903154000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2964326694.00000212CA4F4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2963487618.00000212CA47A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd
    Source: firefox.exe, 0000000B.00000002.1742459682.0000026957710000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000C.00000002.1748542745.000001A717959000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd--no-default-browser
    Source: firefox.exe, 0000000D.00000003.1747565761.0000022A0F657000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2964190223.000001B13D260000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2966686702.000001B13D5C4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2964582558.0000022902DF0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2970336986.0000022903154000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2964326694.00000212CA4F4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2963487618.00000212CA470000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdMOZ_CRASHREPORTER_RE
    Source: firefox.exe, 00000011.00000002.2963487618.00000212CA470000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwda
    Source: firefox.exe, 00000011.00000002.2963487618.00000212CA47A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdu
    Source: firefox.exe, 0000000D.00000003.1913826483.0000022A2586A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1940793683.0000022A2586A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://youtube.com/p
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00EDEAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,0_2_00EDEAFF
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00EDED6A OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,0_2_00EDED6A
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00ECAA57 GetKeyboardState,SetKeyboardState,PostMessageW,SendInput,0_2_00ECAA57
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00EF9576 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,0_2_00EF9576

    System Summary

    Source: file.exeString found in binary or memory: This is a third-party compiled AutoIt script.
    Source: file.exe, 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: This is a third-party compiled AutoIt script.memstr_f822bf5e-a
    Source: file.exe, 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainermemstr_09601ed0-5
    Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 16_2_00000229034F7037 NtQuerySystemInformation,16_2_00000229034F7037
    Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 16_2_0000022903514272 NtQuerySystemInformation,16_2_0000022903514272
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00ECD5EB: CreateFileW,DeviceIoControl,CloseHandle,0_2_00ECD5EB
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00EC1201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,0_2_00EC1201
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00ECE8F6 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,0_2_00ECE8F6
    Source: C:\Users\user\Desktop\file.exeCode function: String function: 00E80A30 appears 46 times
    Source: C:\Users\user\Desktop\file.exeCode function: String function: 00E7F9F2 appears 31 times
    Source: file.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
    Source: classification engineClassification label: mal72.troj.evad.winEXE@34/36@67/13
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00ED37B5 GetLastError,FormatMessageW,0_2_00ED37B5
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00EC10BF AdjustTokenPrivileges,CloseHandle,0_2_00EC10BF
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00EC16C3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,0_2_00EC16C3
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00ED51CD SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode,0_2_00ED51CD
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00ECD4DC CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,0_2_00ECD4DC
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00ED648E _wcslen,CoInitialize,CoCreateInstance,CoUninitialize,0_2_00ED648E
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00E642A2 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource,0_2_00E642A2
    Source: C:\Program Files\Mozilla Firefox\firefox.exe File created: C:\Users\user\AppData\Local\Mozilla\Firefox\SkeletonUILock-c388d246
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7336:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7560:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7440:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7632:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7496:120:WilError_03
    Source: C:\Program Files\Mozilla Firefox\firefox.exe File created: C:\Users\user\AppData\Local\Temp\firefox
    Source: file.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
    Source: C:\Program Files\Mozilla Firefox\firefox.exe File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
    Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
    Source: firefox.exe, 0000000D.00000003.1906114401.0000022A2752E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1952427193.0000022A2003E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1932459452.0000022A2002F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT * FROM events WHERE timestamp BETWEEN date(:dateFrom) AND date(:dateTo);
    Source: firefox.exe, 0000000D.00000003.1952427193.0000022A2003E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1932459452.0000022A2002F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE events (id INTEGER PRIMARY KEY, type INTEGER NOT NULL, count INTEGER NOT NULL, timestamp DATE );
    Source: firefox.exe, 0000000D.00000003.1952427193.0000022A2003E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1932459452.0000022A2002F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: INSERT INTO events (type, count, timestamp) VALUES (:type, 1, date(:date));
    Source: firefox.exe, 0000000D.00000003.1952427193.0000022A2003E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1932459452.0000022A2002F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT timestamp FROM events ORDER BY timestamp ASC LIMIT 1;;
    Source: firefox.exe, 0000000D.00000003.1952427193.0000022A2003E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1932459452.0000022A2002F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT timestamp FROM events ORDER BY timestamp ASC LIMIT 1;;Fy6
    Source: firefox.exe, 0000000D.00000003.1952427193.0000022A2003E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1932459452.0000022A2002F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: UPDATE events SET count = count + 1 WHERE id = :id;-
    Source: firefox.exe, 0000000D.00000003.1952427193.0000022A2003E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1932459452.0000022A2002F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT sum(count) FROM events;9'
    Source: firefox.exe, 0000000D.00000003.1952427193.0000022A2003E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1932459452.0000022A2002F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT sum(count) FROM events;9
    Source: firefox.exe, 0000000D.00000003.1952427193.0000022A2003E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1932459452.0000022A2002F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT * FROM events WHERE type = :type AND timestamp = date(:date);
    Source: file.exeReversingLabs: Detection: 47%
    Source: unknownProcess created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
    Source: unknownProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2280 -parentBuildID 20230927232528 -prefsHandle 2224 -prefMapHandle 2216 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9e5c25c4-3757-459e-b4ac-58f736293a5e} 7744 "\\.\pipe\gecko-crash-server-pipe.7744" 22a0da6d710 socket
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3988 -parentBuildID 20230927232528 -prefsHandle 2784 -prefMapHandle 2968 -prefsLen 26374 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7a67afcd-37bf-4c91-a883-2013733a1af7} 7744 "\\.\pipe\gecko-crash-server-pipe.7744" 22a0da7aa10 rdd
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5104 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5180 -prefMapHandle 1540 -prefsLen 31144 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {88aee006-b1dd-409e-9761-e4998fb38d01} 7744 "\\.\pipe\gecko-crash-server-pipe.7744" 22a1f275f10 utility
    Source: C:\Users\user\Desktop\file.exe Section loaded: wsock32.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: version.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: winmm.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: mpr.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: wininet.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: iphlpapi.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: userenv.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: uxtheme.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: kernel.appcore.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: windows.storage.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: wldp.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: version.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: mpr.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: framedynos.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: dbghelp.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: srvcli.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: netutils.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: kernel.appcore.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: wbemcomn.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: winsta.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: amsi.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: userenv.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: profapi.dll
    Source: Window RecorderWindow detected: More than 3 window changes detected
    Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
    Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
    Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
    Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
    Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
    Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
    Source: Binary string: webauthn.pdb source: firefox.exe, 0000000D.00000003.1842469518.0000022A1D0DF000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: gmpopenh264.dll.tmp.13.dr
    Source: Binary string: wshbth.pdbGCTL source: firefox.exe, 0000000D.00000003.1861342674.0000022A1D0ED000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1861020484.0000022A1D0DD000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: wshbth.pdb source: firefox.exe, 0000000D.00000003.1861342674.0000022A1D0ED000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1861020484.0000022A1D0DD000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: pnrpnsp.pdb source: firefox.exe, 0000000D.00000003.1860621448.0000022A1D0E3000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: netprofm.pdb source: firefox.exe, 0000000D.00000003.1856393020.0000022A1D07D000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: gmpopenh264.dll.tmp.13.dr
    Source: Binary string: webauthn.pdbGCTL source: firefox.exe, 0000000D.00000003.1842469518.0000022A1D0DF000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: pnrpnsp.pdbUGP source: firefox.exe, 0000000D.00000003.1860621448.0000022A1D0E3000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: netprofm.pdbUGP source: firefox.exe, 0000000D.00000003.1856393020.0000022A1D07D000.00000004.00000020.00020000.00000000.sdmp
    Source: file.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
    Source: file.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
    Source: file.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
    Source: file.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
    Source: file.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E642DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_00E642DE
    Source: gmpopenh264.dll.tmp.13.dr Static PE information: section name: .rodata
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E80A76 push ecx; ret 0_2_00E80A89
    Source: C:\Program Files\Mozilla Firefox\firefox.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp
    Source: C:\Program Files\Mozilla Firefox\firefox.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E7F98E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,0_2_00E7F98E
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EF1C41 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,0_2_00EF1C41
    Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX

    Malware Analysis System Evasion

    Source: C:\Users\user\Desktop\file.exe Sandbox detection routine: GetForegroundWindow, DecisionNode, Sleep graph_0-95187
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 16_2_00000229034F7037 rdtsc 16_2_00000229034F7037
    Source: C:\Users\user\Desktop\file.exe API coverage: 3.6 %
    Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ECDBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_00ECDBBE
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ED68EE FindFirstFileW,FindClose,0_2_00ED68EE
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ED698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_00ED698F
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ECD076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_00ECD076
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ECD3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_00ECD3A9
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ED9642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00ED9642
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ED979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00ED979D
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ED9B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_00ED9B2B
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ED5C97 FindFirstFileW,FindNextFileW,FindClose,0_2_00ED5C97
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E642DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_00E642DE
    Source: firefox.exe, 00000010.00000002.2964582558.0000022902DFA000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW^[
    Source: firefox.exe, 0000000F.00000002.2964190223.000001B13D26A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWp
    Source: firefox.exe, 00000010.00000002.2971356705.00000229035B0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll0
    Source: firefox.exe, 0000000F.00000002.2972551047.000001B13D800000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllqU~!
    Source: firefox.exe, 00000010.00000002.2971356705.00000229035B0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2970843822.00000212CA800000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
    Source: firefox.exe, 0000000F.00000002.2971432039.000001B13D716000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW : 2 : 34 : 1 : 1 : 0x20026 : 0x8 : %SystemRoot%\system32\mswsock.dll : : 1234191b-4bf7-4ca7-86e0-dfd7c32b5445
    Source: firefox.exe, 0000000F.00000002.2972551047.000001B13D800000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW._
    Source: firefox.exe, 0000000F.00000002.2972551047.000001B13D800000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dlla]
    Source: firefox.exe, 00000011.00000002.2963487618.00000212CA47A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW@
    Source: firefox.exe, 0000000F.00000002.2964190223.000001B13D296000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW!
    Source: firefox.exe, 0000000F.00000002.2972551047.000001B13D800000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2971356705.00000229035B0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
    Source: C:\Users\user\Desktop\file.exe Process information queried: ProcessInformation
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 16_2_00000229034F7037 rdtsc 16_2_00000229034F7037
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EDEAA2 BlockInput,0_2_00EDEAA2
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E92622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00E92622
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E642DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_00E642DE
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E84CE8 mov eax, dword ptr fs:[00000030h] 0_2_00E84CE8
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EC0B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,0_2_00EC0B62
    Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E92622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00E92622
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E8083F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00E8083F
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E809D5 SetUnhandledExceptionFilter,0_2_00E809D5
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E80C21 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00E80C21
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EC1201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,0_2_00EC1201
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EA2BA5 KiUserCallbackDispatcher,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,0_2_00EA2BA5
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ECB226 SendInput,keybd_event,0_2_00ECB226
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EE22DA GetForegroundWindow,GetDesktopWindow,GetWindowRect,mouse_event,GetCursorPos,mouse_event,0_2_00EE22DA
    Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
    Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
    Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
    Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
    Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EC0B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,0_2_00EC0B62
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EC1663 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,0_2_00EC1663
    Source: file.exeBinary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
    Source: file.exe Binary or memory string: Shell_TrayWnd
    Source: firefox.exe, 0000000D.00000003.1849017302.0000022A28E01000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: hSoftware\Policies\Microsoft\Windows\PersonalizationNoChangingStartMenuBackgroundPersonalColors_BackgroundWilStaging_02RtlDisownModuleHeapAllocationRtlQueryFeatureConfigurationRtlRegisterFeatureConfigurationChangeNotificationRtlSubscribeWnfStateChangeNotificationRtlDllShutdownInProgressntdll.dllNtQueryWnfStateDataLocal\SM0:%d:%d:%hs_p0Local\SessionImmersiveColorPreferenceBEGINTHMthmfile\Sessions\%d\Windows\ThemeSectionMessageWindowendthemewndThemeApiConnectionRequest\ThemeApiPortwinsta0SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\PersonalizeAppsUseLightThemeSystemUsesLightThemedefaultshell\themes\uxtheme\render.cppCompositedWindow::WindowdeletedrcacheMDIClientSoftware\Microsoft\Windows\DWMColorPrevalenceSoftware\Microsoft\Windows\CurrentVersion\ImmersiveShellTabletModeMENUAccentColorSoftware\Microsoft\Windows\CurrentVersion\Explorer\AccentDefaultStartColorControl Panel\DesktopAutoColorizationAccentColorMenuStartColorMenuAutoColorSoftware\Microsoft\Windows\CurrentVersion\Themes\History\ColorsSoftware\Microsoft\Windows\CurrentVersion\Themes\HistoryAccentPaletteTab$Shell_TrayWndLocal\SessionImmersiveColorMutex
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E80698 cpuid 0_2_00E80698
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ED8195 GetLocalTime,SystemTimeToFileTime,LocalFileTimeToFileTime,GetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,0_2_00ED8195
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EBD27A GetUserNameW,0_2_00EBD27A
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E9BB6F _free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,0_2_00E9BB6F
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E642DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_00E642DE

    Stealing of Sensitive Information

    Source: Yara match File source: Process Memory Space: file.exe PID: 7312, type: MEMORYSTR
    Source: file.exe Binary or memory string: WIN_81
    Source: file.exe Binary or memory string: WIN_XP
    Source: file.exeBinary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYRegDeleteKeyExWadvapi32.dll+.-.\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs](*UCP)\XISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGGETCOUNTSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXPANDmsctls_statusbar321tooltips_class32%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----@GUI_DRAGID@GUI_DROPID@GUI_DRAGFILEError text not found (please report)Q\EDEFINEUTF16)UTF)UCP)NO_AUTO_POSSESS)NO_START_OPT)LIMIT_MATCH=LIMIT_RECURSION=CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument not compiled in 16 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
    Source: file.exe Binary or memory string: WIN_XPe
    Source: file.exe Binary or memory string: WIN_VISTA
    Source: file.exe Binary or memory string: WIN_7
    Source: file.exe Binary or memory string: WIN_8

    Remote Access Functionality

    Source: Yara match File source: Process Memory Space: file.exe PID: 7312, type: MEMORYSTR
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EE1204 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket,0_2_00EE1204
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EE1806 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,0_2_00EE1806
    | Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
    |---|---|---|---|---|---|---|---|---|---|---|---|---|---|
    | Gather Victim Identity Information | Acquire Infrastructure | 2 Valid Accounts | 1 Windows Management Instrumentation | 1 DLL Side-Loading | 1 Exploitation for Privilege Escalation | 2 Disable or Modify Tools | 21 Input Capture | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
    | Credentials | Domains | Default Accounts | 1 Native API | 2 Valid Accounts | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 1 Account Discovery | Remote Desktop Protocol | 21 Input Capture | 12 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
    | Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Extra Window Memory Injection | 2 Obfuscated Files or Information | Security Account Manager | 2 File and Directory Discovery | SMB/Windows Admin Shares | 3 Clipboard Data | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
    | Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 2 Valid Accounts | 1 DLL Side-Loading | NTDS | 16 System Information Discovery | Distributed Component Object Model | Input Capture | 3 Application Layer Protocol | Traffic Duplication | Data Destruction |
    | Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 21 Access Token Manipulation | 1 Extra Window Memory Injection | LSA Secrets | 131 Security Software Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
    | Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | 2 Process Injection | 1 Masquerading | Cached Domain Credentials | 1 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
    | DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 2 Valid Accounts | DCSync | 3 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
    | Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Virtualization/Sandbox Evasion | Proc Filesystem | 1 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
    | Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 21 Access Token Manipulation | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
    | IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 2 Process Injection | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement |
    [Behavior graph: ID 1540486, Sample: file.exe, Startdate: 23/10/2024, Architecture: WINDOWS, Score: 72]

    | Source | Detection | Scanner | Label | Link |
    |---|---|---|---|---|
    | file.exe | 47% | ReversingLabs | Win32.Trojan.CredentialFlusher | |
    | file.exe | 100% | Joe Sandbox ML | | |

    | Source | Detection | Scanner | Label | Link |
    |---|---|---|---|---|
    | C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy) | 0% | ReversingLabs | | |
    | C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp | 0% | ReversingLabs | | |
    No Antivirus matches
    No Antivirus matches
                                                        unknown
                                                        unknownfalse
                                                          unknown
                                                          detectportal.firefox.com
                                                          unknown
                                                          unknownfalse
                                                            unknown
                                                            normandy.cdn.mozilla.net
                                                            unknown
                                                            unknownfalse
                                                              unknown
                                                              shavar.services.mozilla.com
                                                              unknown
                                                              unknownfalse
                                                                unknown
                                                                www.wikipedia.org
                                                                unknown
                                                                unknownfalse
                                                                  unknown
Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                                  unknown
                                                                                                  https://monitor.firefox.com/user/breach-stats?includeResolved=truefirefox.exe, 0000000F.00000002.2966448976.000001B13D550000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2964322665.0000022902DB0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2970493907.00000212CA660000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                  • URL Reputation: safe
                                                                                                  unknown
                                                                                                  https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-reportfirefox.exe, 0000000F.00000002.2966448976.000001B13D550000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2964322665.0000022902DB0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2970493907.00000212CA660000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                  • URL Reputation: safe
                                                                                                  unknown
                                                                                                  https://bugzilla.mozilla.org/show_bug.cgi?id=1584464firefox.exe, 0000000D.00000003.1787643538.0000022A25805000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  • URL Reputation: safe
                                                                                                  unknown
                                                                                                  https://safebrowsing.google.com/safebrowsing/diagnostic?site=firefox.exe, 0000000F.00000002.2966448976.000001B13D550000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2964322665.0000022902DB0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2970493907.00000212CA660000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                  • URL Reputation: safe
                                                                                                  unknown
                                                                                                  https://monitor.firefox.com/user/dashboardfirefox.exe, 0000000F.00000002.2966448976.000001B13D550000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2964322665.0000022902DB0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2970493907.00000212CA660000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                  • URL Reputation: safe
                                                                                                  unknown
                                                                                                  https://bugzilla.mozilla.org/show_bug.cgi?id=1170143firefox.exe, 0000000D.00000003.1820914240.0000022A27065000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  • URL Reputation: safe
                                                                                                  unknown
                                                                                                  https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_IDfirefox.exe, 0000000F.00000002.2966448976.000001B13D550000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2964322665.0000022902DB0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2970493907.00000212CA660000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                  • URL Reputation: safe
                                                                                                  unknown
                                                                                                  https://monitor.firefox.com/aboutfirefox.exe, 0000000F.00000002.2966448976.000001B13D550000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2964322665.0000022902DB0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2970493907.00000212CA660000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                  • URL Reputation: safe
                                                                                                  unknown
                                                                                                  http://mozilla.org/MPL/2.0/.firefox.exe, 0000000D.00000003.1764963634.0000022A1D9FA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1821291180.0000022A26096000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1919162025.0000022A20D44000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1874375135.0000022A1F67B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1862966223.0000022A2593B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1794485042.0000022A1DDCF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1881658480.0000022A26090000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1822151697.0000022A2602D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1920565325.0000022A2036F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1815613753.0000022A260A1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1894394380.0000022A1F68C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1853020721.0000022A1D9DA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1911070028.0000022A260A0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1811284999.0000022A2601F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1787643538.0000022A2580D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1870816883.0000022A2609E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1790644667.0000022A2593B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1785957943.0000022A2582D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 
0000000D.00000003.1813289732.0000022A260B1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1917822352.0000022A21F39000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1919273442.0000022A20D21000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    unknown
                                                                                                    https://account.bellmedia.cfirefox.exe, 0000000D.00000003.1919581718.0000022A203AB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    • URL Reputation: safe
                                                                                                    unknown
                                                                                                    https://login.microsoftonline.comfirefox.exe, 0000000D.00000003.1919581718.0000022A203AB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    • URL Reputation: safe
                                                                                                    unknown
                                                                                                    https://coverage.mozilla.orgfirefox.exe, 0000000F.00000002.2966448976.000001B13D550000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2964322665.0000022902DB0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2970493907.00000212CA660000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                    • URL Reputation: safe
                                                                                                    unknown
                                                                                                    https://www.reddit.com/C:firefox.exe, 0000000D.00000003.1916758481.0000022A21F6E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      unknown
                                                                                                      http://crl.thawte.com/ThawteTimestampingCA.crl0gmpopenh264.dll.tmp.13.drfalse
                                                                                                      • URL Reputation: safe
                                                                                                      unknown
                                                                                                      https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/f0f51715-7f5e-48de-839firefox.exe, 0000000D.00000003.1796308801.0000022A1F0B3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1805668410.0000022A25E45000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        unknown
                                                                                                        https://www.zhihu.com/firefox.exe, 0000000D.00000003.1952688481.0000022A1FDB5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        • URL Reputation: safe
                                                                                                        unknown
                                                                                                        http://x1.c.lencr.org/0firefox.exe, 0000000D.00000003.1911763063.0000022A276BC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1904145281.0000022A276B5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        • URL Reputation: safe
                                                                                                        unknown
                                                                                                        http://x1.i.lencr.org/0firefox.exe, 0000000D.00000003.1911763063.0000022A276BC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1904145281.0000022A276B5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        • URL Reputation: safe
                                                                                                        unknown
                                                                                                        https://infra.spec.whatwg.org/#ascii-whitespacefirefox.exe, 0000000D.00000003.1790029545.0000022A2594C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1862966223.0000022A2595C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1789607426.0000022A25952000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        • URL Reputation: safe
                                                                                                        unknown
                                                                                                        https://blocked.cdn.mozilla.net/firefox.exe, 0000000F.00000002.2966448976.000001B13D550000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2964322665.0000022902DB0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2970493907.00000212CA660000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                        • URL Reputation: safe
                                                                                                        unknown
                                                                                                        https://profiler.firefox.comfirefox.exe, 0000000F.00000002.2966448976.000001B13D550000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2964322665.0000022902DB0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2970493907.00000212CA660000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                        • URL Reputation: safe
                                                                                                        unknown
                                                                                                        https://outlook.live.com/default.aspx?rru=compose&to=%sfirefox.exe, 0000000D.00000003.1756139376.0000022A1CD2F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1897337799.0000022A1CD39000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1897670213.0000022A1CD39000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1755999924.0000022A1CD12000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1754818987.0000022A1CD33000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        • URL Reputation: safe
                                                                                                        unknown
                                                                                                        https://bugzilla.mozilla.org/show_bug.cgi?id=793869firefox.exe, 0000000D.00000003.1816835329.0000022A1F6B2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1820914240.0000022A27065000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        • URL Reputation: safe
                                                                                                        unknown
                                                                                                        https://identity.mozilla.com/apps/relayfirefox.exe, 0000000D.00000003.1930524861.0000022A20065000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        • URL Reputation: safe
                                                                                                        unknown
                                                                                                        https://mozilla.cloudflare-dns.com/dns-queryfirefox.exe, 0000000F.00000002.2966448976.000001B13D550000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2964322665.0000022902DB0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2970493907.00000212CA660000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                        • URL Reputation: safe
                                                                                                        unknown
                                                                                                        https://support.mozilla.org/kb/refresh-firefox-reset-add-ons-and-settings2firefox.exe, 0000000D.00000003.1918129695.0000022A20D87000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1928517442.0000022A20D87000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        • URL Reputation: safe
                                                                                                        unknown
                                                                                                        https://bugzilla.mozilla.org/show_bug.cgi?id=1678448firefox.exe, 0000000D.00000003.1820361880.0000022A1F6AC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1820982995.0000022A27080000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1815613753.0000022A26035000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1820914240.0000022A27065000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1820503943.0000022A1F6AA000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        • URL Reputation: safe
                                                                                                        unknown
                                                                                                        https://mail.yahoo.co.jp/compose/?To=%sfirefox.exe, 0000000D.00000003.1756139376.0000022A1CD2F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1897337799.0000022A1CD39000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1897670213.0000022A1CD39000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1755999924.0000022A1CD12000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1754818987.0000022A1CD33000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          unknown
                                                                                                          https://addons.mozilla.org/firefox/addon/reddit-enhancement-suite/firefox.exe, 0000000D.00000003.1953862358.0000022A1F1DB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            unknown
                                                                                                            https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpgfirefox.exe, 0000000F.00000002.2967276793.000001B13D6E4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2965385110.00000229030F0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2965093867.00000212CA5C7000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.13.drfalse
                                                                                                            • URL Reputation: safe
                                                                                                            unknown
                                                                                                            https://contile.services.mozilla.com/v1/tilesfirefox.exe, 0000000F.00000002.2966448976.000001B13D550000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2964322665.0000022902DB0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2970493907.00000212CA660000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                            • URL Reputation: safe
                                                                                                            unknown
                                                                                                            https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/firefox.exe, 0000000D.00000003.1912432270.0000022A25E55000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            • URL Reputation: safe
                                                                                                            unknown
                                                                                                            https://monitor.firefox.com/user/preferencesfirefox.exe, 0000000F.00000002.2966448976.000001B13D550000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2964322665.0000022902DB0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2970493907.00000212CA660000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                            • URL Reputation: safe
                                                                                                            unknown
                                                                                                            https://screenshots.firefox.com/firefox.exe, 0000000D.00000003.1752879908.0000022A1D53C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            • URL Reputation: safe
                                                                                                            unknown
                                                                                                            https://www.google.com/searchfirefox.exe, 0000000D.00000003.1815613753.0000022A2604A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1950671599.0000022A25DAA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1753210691.0000022A1D577000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1913331075.0000022A25DA4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1752694283.0000022A1D51F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1870816883.0000022A2604A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1753038667.0000022A1D55A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1822151697.0000022A2604A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1752480109.0000022A1D300000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1752879908.0000022A1D53C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              unknown
                                                                                                              https://gpuweb.github.io/gpuweb/firefox.exe, 0000000D.00000003.1787643538.0000022A25805000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              • URL Reputation: safe
                                                                                                              unknown
                                                                                                              https://relay.firefox.com/api/v1/firefox.exe, 0000000F.00000002.2966448976.000001B13D550000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2964322665.0000022902DB0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2970493907.00000212CA660000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                unknown
                                                                                                                https://spocs.getpocket.com/userpfirefox.exe, 0000000D.00000003.1785957943.0000022A2582D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  unknown
                                                                                                                  https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/tracking-content-reportfirefox.exe, 0000000F.00000002.2966448976.000001B13D550000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2964322665.0000022902DB0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2970493907.00000212CA660000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                  • URL Reputation: safe
                                                                                                                  unknown
                                                                                                                  https://topsites.services.mozilla.com/cid/firefox.exe, 0000000F.00000002.2966448976.000001B13D550000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2964322665.0000022902DB0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2970493907.00000212CA660000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                    unknown
                                                                                                                    https://twitter.com/firefox.exe, 0000000D.00000003.1905923723.0000022A275F2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1952213062.0000022A20143000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      unknown
                                                                                                                      https://www.olx.pl/firefox.exe, 0000000D.00000003.1952688481.0000022A1FDB5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      • URL Reputation: safe
                                                                                                                      unknown
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
                                                                                                                            IP
                                                                                                                            127.0.0.1
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1540486
Start date and time: 2024-10-23 20:28:09 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 7m 9s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 22
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: file.exe
Detection: MAL
Classification: mal72.troj.evad.winEXE@34/36@67/13
EGA Information:
• Successful, ratio: 50%
HCA Information:
• Successful, ratio: 95%
• Number of executed functions: 42
• Number of non-executed functions: 312
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                                                                            • Excluded IPs from analysis (whitelisted): 44.231.229.39, 52.13.186.250, 34.208.54.237, 2.18.121.73, 2.18.121.79, 216.58.206.46, 2.22.61.59, 2.22.61.56, 142.250.186.174, 142.250.185.138, 142.250.185.106
                                                                                                                            • Excluded domains from analysis (whitelisted): fs.microsoft.com, shavar.prod.mozaws.net, ciscobinary.openh264.org, slscr.update.microsoft.com, otelrules.azureedge.net, incoming.telemetry.mozilla.org, ctldl.windowsupdate.com, a17.rackcdn.com.mdc.edgesuite.net, detectportal.prod.mozaws.net, aus5.mozilla.org, fe3cr.delivery.mp.microsoft.com, a19.dscg10.akamai.net, ocsp.digicert.com, redirector.gvt1.com, safebrowsing.googleapis.com, location.services.mozilla.com
                                                                                                                            • Not all processes where analyzed, report is missing behavior information
                                                                                                                            • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                            • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                            • Report size getting too big, too many NtCreateFile calls found.
                                                                                                                            • Report size getting too big, too many NtOpenFile calls found.
                                                                                                                            • VT rate limit hit for: file.exe
Time | Type | Description
14:29:13 | API Interceptor | 1x Sleep call for process: firefox.exe modified
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                                                            • 157.240.253.35
                                                                                                                                                                                                            https://www.jasper.ai/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                            • 157.240.0.35
                                                                                                                                                                                                            file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                            • 157.240.0.35
                                                                                                                                                                                                            file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                            • 157.240.251.35
                                                                                                                                                                                                            file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                            • 157.240.0.35
                                                                                                                                                                                                            file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                            • 157.240.253.35
                                                                                                                                                                                                            file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                            • 157.240.253.35
                                                                                                                                                                                                            file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                            • 157.240.252.35
                                                                                                                                                                                                            https://u47792559.ct.sendgrid.net/ls/click?upn=u001.MTqDMK6JtN7-2FTdEWJaqfzKd0v6-2F2UOuEVy1BEbPOuF5keILEyv5G4zc7bYwMOjtQyDtk5ATinrPUw-2BgvaOWXHUf0WlANxRqRsC5bgIMsz92EI66c0h8LCsmVnWVsmrPpI9KQ1Av0wtymoWWp-2BKFae4c01wwTj4-2Bc4-2FShOuIMz-2FF27tFVz2F5x4MDQuxXoA4x-2Fcu5H-2Fg77L7jEH4g0Omwq5aK4Y93In2x8xkZN6RxAIHUAnsHSbv9dNDyMDxCYBpt8R83TA5F1J7zglSD-2FSW-2Fd0a8tRp-2BNOUEOuA6djXly5D90m0euJkmiQYtQdEfHSvFPkVrrFqe1nEZHhVloJzR8g5hLEAmRxDgSEFZK-2FqXqnJbl-2BhglFaTEl1wDvxHLUD1uO-2BTuQv6sNuFEeqs2cPheEWcAIXIzMhwOblNbCnyhCV7uIXv-2BFvLbplDjtKpe4BajklPEPnUOiLZHOZLqihj5rKl5QPX7eEc-2FNLKdxSbgeN6u9b-2FwUFYOEhm9BI4B0QB15u2_3kQhj-2Fx94AB656OfV1IXWVEpnawaSuVFYzZeIwKhrRxgV074ZsGZajrnF1U9GVvs6wJ3XBbA3C0q1Y56Q0AQRaWXh1LuzRLTE6iprhcEL7NrcuYjYDUm4vP90-2Bbj-2FhImYDtdIzFtzpuFA5WHpxfUL2yud9dV-2BDWDKpQXCYbpaPnNLCBzkbwUPBcNlUhkSGcYZOYh0eM13-2FQcBNO5FowRb8IXahZEeipzh9UlrLYhGMMEnA7-2FXj615c7jkys6xxIys08fJcymaARJFIlGVEZZIF-2BOZauL7nzVYt76SvvMjlOZShNBXavLnj35TUiU94p3hnTyULCHEKTNYpJWZhAYDMS7oO-2F1YN-2BGIX9GshP8SzvBn7iRk-2BEuMHNjQZSKm5nguAu4ENmR5Hg1doZby47RzA35RD-2BbHOJrasEoXA41le9LsvYyvJEzgXJ-2FiCTBWNoB2BfMGl-2BNVHQi18yc3h-2FOJYtN4eiiAdtc4eggH10ZDuSCfZ49kUepPeatorVmepe7HyIFRvSaHufZxfuRde01mg-3D-3DGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                            • 157.240.253.35
                                                                                                                                                                                                            twitter.comfile.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                            • 104.244.42.65
                                                                                                                                                                                                            file.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                            • 104.244.42.65
                                                                                                                                                                                                            file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                            • 104.244.42.129
                                                                                                                                                                                                            file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                            • 104.244.42.129
                                                                                                                                                                                                            file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                            • 104.244.42.129
                                                                                                                                                                                                            file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                            • 104.244.42.193
                                                                                                                                                                                                            file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                            • 104.244.42.1
                                                                                                                                                                                                            file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                            • 104.244.42.1
                                                                                                                                                                                                            file.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                            • 104.244.42.1
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                                                            GOOGLE-AS-APGoogleAsiaPacificPteLtdSGfile.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                            • 34.117.188.166
                                                                                                                                                                                                            file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                            • 34.117.188.166
                                                                                                                                                                                                            file.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                            • 34.117.188.166
                                                                                                                                                                                                            file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                            • 34.117.188.166
                                                                                                                                                                                                            file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                                                                                                                                                                            • 34.117.188.166
                                                                                                                                                                                                            file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                            • 34.117.188.166
                                                                                                                                                                                                            file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                            • 34.117.188.166
                                                                                                                                                                                                            file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                            • 34.117.188.166
                                                                                                                                                                                                            file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                                                                                                                                                                            • 34.117.188.166
                                                                                                                                                                                                            file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                            • 34.117.188.166
                                                                                                                                                                                                            FASTLYUShttps://talentrecruting.com/?Y3w2MDkxNzZ8d190cmF1MTEwRHx8fA0KfHxicnlhbi50LmJlYmJAc2FpYy5jb20=Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                            • 151.101.1.229
                                                                                                                                                                                                            https://burlingtonenqlish.com/vm%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                            • 151.101.131.8
                                                                                                                                                                                                            sh4.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                            • 167.83.156.144
                                                                                                                                                                                                            KERR SURVEYING LLC EE RFI#1.pdfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                            • 199.232.214.172
                                                                                                                                                                                                            file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                            • 151.101.65.91
                                                                                                                                                                                                            file.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                            • 151.101.129.91
                                                                                                                                                                                                            https://boulos.pages.dev/index.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                            • 151.101.65.229
                                                                                                                                                                                                            https://www.jasper.ai/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                            • 151.101.0.176
                                                                                                                                                                                                            file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                            • 151.101.1.91
                                                                                                                                                                                                            file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                            • 151.101.193.91
                                                                                                                                                                                                            ATGS-MMD-ASUSarm5.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                            • 51.180.254.38
                                                                                                                                                                                                            arm.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                            • 48.181.96.26
                                                                                                                                                                                                            m68k.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                            • 56.191.114.43
                                                                                                                                                                                                            la.bot.m68k.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                            • 57.227.69.232
                                                                                                                                                                                                            sh4.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                            • 33.148.206.245
                                                                                                                                                                                                            mpsl.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                            • 36.0.65.102
                                                                                                                                                                                                            byte.arm7.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                                                                                                                            • 48.54.4.55
                                                                                                                                                                                                            la.bot.mipsel.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                            • 32.146.204.169
                                                                                                                                                                                                            file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                            • 34.160.144.191
                                                                                                                                                                                                            file.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                            • 34.160.144.191
                                                                                                                                                                                                            ATGS-MMD-ASUSarm5.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                            • 51.180.254.38
                                                                                                                                                                                                            arm.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                            • 48.181.96.26
                                                                                                                                                                                                            m68k.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                            • 56.191.114.43
                                                                                                                                                                                                            la.bot.m68k.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                            • 57.227.69.232
                                                                                                                                                                                                            sh4.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                            • 33.148.206.245
                                                                                                                                                                                                            mpsl.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                            • 36.0.65.102
                                                                                                                                                                                                            byte.arm7.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                                                                                                                            • 48.54.4.55
                                                                                                                                                                                                            la.bot.mipsel.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                            • 32.146.204.169
                                                                                                                                                                                                            file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                            • 34.160.144.191
                                                                                                                                                                                                            file.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                            • 34.160.144.191
                                                                                                                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                            fb0aa01abe9d8e4037eb3473ca6e2dcafile.exeGet hashmaliciousCredential FlusherBrowse
file.exe | Get hash | malicious | Unknown | Browse
file.exe | Get hash | malicious | Credential Flusher | Browse
file.exe | Get hash | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc | Browse
file.exe | Get hash | malicious | Credential Flusher | Browse
file.exe | Get hash | malicious | Credential Flusher | Browse
file.exe | Get hash | malicious | Credential Flusher | Browse
file.exe | Get hash | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc | Browse
file.exe | Get hash | malicious | Credential Flusher | Browse
file.exe | Get hash | malicious | Credential Flusher | Browse
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp | file.exe | Get hash | malicious | Credential Flusher | Browse
file.exe | Get hash | malicious | Unknown | Browse
file.exe | Get hash | malicious | Credential Flusher | Browse
file.exe | Get hash | malicious | Credential Flusher | Browse
file.exe | Get hash | malicious | Credential Flusher | Browse
file.exe | Get hash | malicious | Credential Flusher | Browse
file.exe | Get hash | malicious | Credential Flusher | Browse
file.exe | Get hash | malicious | Credential Flusher | Browse
file.exe | Get hash | malicious | Unknown | Browse
file.exe | Get hash | malicious | Credential Flusher | Browse
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy) | file.exe | Get hash | malicious | Credential Flusher | Browse
file.exe | Get hash | malicious | Unknown | Browse
file.exe | Get hash | malicious | Credential Flusher | Browse
file.exe | Get hash | malicious | Credential Flusher | Browse
file.exe | Get hash | malicious | Credential Flusher | Browse
file.exe | Get hash | malicious | Credential Flusher | Browse
file.exe | Get hash | malicious | Credential Flusher | Browse
file.exe | Get hash | malicious | Credential Flusher | Browse
file.exe | Get hash | malicious | Unknown | Browse
file.exe | Get hash | malicious | Credential Flusher | Browse
                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):7813
                                                                                                                                                                                                                                                    Entropy (8bit):5.183140774783417
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:192:QYjMXHzEcbhbVbTbfbRbObtbyEl7njN5JA6WnSrDtTUd/SkDrU:3YAcNhnzFSJDNUBnSrDhUd/q
                                                                                                                                                                                                                                                    MD5:F8328BA8D073D9C1DADFAB00D139C4C8
                                                                                                                                                                                                                                                    SHA1:C4F4D5ABE037E61246C02731F97C68CBA010839C
                                                                                                                                                                                                                                                    SHA-256:487DCB1977EAA9722E43008D26EE920E521F8C9DD6B8B8B5BCA2C24D228FFDF1
                                                                                                                                                                                                                                                    SHA-512:F55D929AE3A9708A913D0C2562FC36847D794411A1DA3D44B4A2E623A085B9AC42D38DB7C6E9624A3B158770AFDBD3607E0AF65A64C40223F5273D56A32FEE61
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Preview:{"type":"uninstall","id":"9757b73c-6bdb-4de5-a745-d0006fa282f3","creationDate":"2024-10-23T20:17:00.213Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"otherInstalls":0},"clientId":"65e71c9e-6ac3-4903-9066-b134350de32c","environment":{"build":{"applicationId":"{ec8030f7-c20a-464f-9b0e-13a3a9e97384}","applicationName":"Firefox","architecture":"x86-64","buildId":"20230927232528","version":"118.0.1","vendor":"Mozilla","displayVersion":"118.0.1","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","updaterAvailable":true},"partner":{"distributionId":null,"distributionVersion":null,"partnerId":null,"distributor":null,"distributorChannel":null,"partnerNames":[]},"system":{"memoryMB":8191,"virtualMaxMB":134217728,"cpu":{"isWindowsSMode":false,"count":4,"cores":2,"vendor":"GenuineIntel","name":"I
                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                    File Type:ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):32768
                                                                                                                                                                                                                                                    Entropy (8bit):0.4593089050301797
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:48:9SP0nUgwyZXYI65yFRX2D3GNTTfyn0Mk1iA:9SDKaIjo3UzyE1L
                                                                                                                                                                                                                                                    MD5:D910AD167F0217587501FDCDB33CC544
                                                                                                                                                                                                                                                    SHA1:2F57441CEFDC781011B53C1C5D29AC54835AFC1D
                                                                                                                                                                                                                                                    SHA-256:E3699D9404A3FFC1AFF0CA8A3972DC0EF38BDAB927741E9F627C7C55CEA42E81
                                                                                                                                                                                                                                                    SHA-512:F1871BF28FF25EE52BDB99C7A80AB715C7CAC164DCD2FD87E681168EE927FD2C5E80E03C91BB638D955A4627213BF575FF4D9EECAEDA7718C128CF2CE8F7CB3D
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                    File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):453023
                                                                                                                                                                                                                                                    Entropy (8bit):7.997718157581587
                                                                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                                                                    SSDEEP:12288:tESTeqTI2r4ZbCgUKWKNeRcPMb6qlV7hVZe3:tEsed2Xh9/bdzZe3
                                                                                                                                                                                                                                                    MD5:85430BAED3398695717B0263807CF97C
                                                                                                                                                                                                                                                    SHA1:FFFBEE923CEA216F50FCE5D54219A188A5100F41
                                                                                                                                                                                                                                                    SHA-256:A9F4281F82B3579581C389E8583DC9F477C7FD0E20C9DFC91A2E611E21E3407E
                                                                                                                                                                                                                                                    SHA-512:06511F1F6C6D44D076B3C593528C26A602348D9C41689DBF5FF716B671C3CA5756B12CB2E5869F836DEDCE27B1A5CFE79B93C707FD01F8E84B620923BB61B5F1
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):3621
                                                                                                                                                                                                                                                    Entropy (8bit):4.931121298792741
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:48:YnSwkmrOfJNmPUFpOdwNIOdoWLEWLtkDLuuukx5FBvipA6kbbXjQthvLuhakNM95:8S+OfJQPUFpOdwNIOdYVjvYcXaNLv28P
                                                                                                                                                                                                                                                    MD5:DA27B8ECFF0265A4E8941C4504278FDA
                                                                                                                                                                                                                                                    SHA1:5C03869198F8FCB216701357EEEE2807E6874FAB
                                                                                                                                                                                                                                                    SHA-256:F82F0B1E01B908766550DE3569681EB87C2AD6F20642222082812E79E8D12AD4
                                                                                                                                                                                                                                                    SHA-512:169AC8F656254F420B8E39E9FD71F20D52D47F02D531B712FA4E4D07B5DCC8F5966CD5CE4068E67CB6BE898666B546CE41CC29968B88728420ED4B577892EB9F
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Preview:{"csv-import-release-rollout":{"slug":"csv-import-release-rollout","branch":{"slug":"enable-csv-import","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pre-95-support"},"features":[{"value":{"csvImport":true},"enabled":true,"featureId":"cm-csv-import"}]},"active":true,"enrollmentId":"c5d95379-f4ee-4629-a507-6f15a0e93cd4","experimentType":"rollout","source":"rs-loader","userFacingName":"CSV Import (Release Rollout)","userFacingDescription":"This rollout enables users to import logins from a CSV file from the about:logins page.","lastSeen":"2023-10-03T11:50:29.548Z","featureIds":["cm-csv-import"],"prefs":[{"name":"signon.management.page.fileImport.enabled","branch":"default","featureId":"cm-csv-import","variable":"csvImport","originalValue":false}],"isRollout":true},"serp-ad-telemetry-rollout":{"slug":"serp-ad-telemetry-rollout","branch":{"slug":"control","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pr
                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):3621
                                                                                                                                                                                                                                                    Entropy (8bit):4.931121298792741
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:48:YnSwkmrOfJNmPUFpOdwNIOdoWLEWLtkDLuuukx5FBvipA6kbbXjQthvLuhakNM95:8S+OfJQPUFpOdwNIOdYVjvYcXaNLv28P
                                                                                                                                                                                                                                                    MD5:DA27B8ECFF0265A4E8941C4504278FDA
                                                                                                                                                                                                                                                    SHA1:5C03869198F8FCB216701357EEEE2807E6874FAB
                                                                                                                                                                                                                                                    SHA-256:F82F0B1E01B908766550DE3569681EB87C2AD6F20642222082812E79E8D12AD4
                                                                                                                                                                                                                                                    SHA-512:169AC8F656254F420B8E39E9FD71F20D52D47F02D531B712FA4E4D07B5DCC8F5966CD5CE4068E67CB6BE898666B546CE41CC29968B88728420ED4B577892EB9F
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Preview:{"csv-import-release-rollout":{"slug":"csv-import-release-rollout","branch":{"slug":"enable-csv-import","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pre-95-support"},"features":[{"value":{"csvImport":true},"enabled":true,"featureId":"cm-csv-import"}]},"active":true,"enrollmentId":"c5d95379-f4ee-4629-a507-6f15a0e93cd4","experimentType":"rollout","source":"rs-loader","userFacingName":"CSV Import (Release Rollout)","userFacingDescription":"This rollout enables users to import logins from a CSV file from the about:logins page.","lastSeen":"2023-10-03T11:50:29.548Z","featureIds":["cm-csv-import"],"prefs":[{"name":"signon.management.page.fileImport.enabled","branch":"default","featureId":"cm-csv-import","variable":"csvImport","originalValue":false}],"isRollout":true},"serp-ad-telemetry-rollout":{"slug":"serp-ad-telemetry-rollout","branch":{"slug":"control","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pr
                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                    File Type:Mozilla lz4 compressed data, originally 23432 bytes
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):5312
                                                                                                                                                                                                                                                    Entropy (8bit):6.615424734763731
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:96:V2YbKsKNU2xWrp327tGmD4wBON6h6cHaJVJuZMd0JGkkrw2D:VTx2x2t0FDJ4NpwZMd0EJws
                                                                                                                                                                                                                                                    MD5:1B9C8056D3619CE5A8C59B0C09873F17
                                                                                                                                                                                                                                                    SHA1:1015C630E1937AA63F6AB31743782ECB5D78CCD8
                                                                                                                                                                                                                                                    SHA-256:A6AE5DE0733FED050AB570AD9374FF4593D554F695B5AE4E2495871D171D34A3
                                                                                                                                                                                                                                                    SHA-512:B1DC9CC675D5476C270A2D5B214D3DF2B3856576ED7EFE92D9A606C2D9D34E781018902AE75CE9C1E25007BB7F8D8F7B52997E6F05B845EF44BAF22F614FE899
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                    File Type:Mozilla lz4 compressed data, originally 23432 bytes
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):5312
                                                                                                                                                                                                                                                    Entropy (8bit):6.615424734763731
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:96:V2YbKsKNU2xWrp327tGmD4wBON6h6cHaJVJuZMd0JGkkrw2D:VTx2x2t0FDJ4NpwZMd0EJws
                                                                                                                                                                                                                                                    MD5:1B9C8056D3619CE5A8C59B0C09873F17
                                                                                                                                                                                                                                                    SHA1:1015C630E1937AA63F6AB31743782ECB5D78CCD8
                                                                                                                                                                                                                                                    SHA-256:A6AE5DE0733FED050AB570AD9374FF4593D554F695B5AE4E2495871D171D34A3
                                                                                                                                                                                                                                                    SHA-512:B1DC9CC675D5476C270A2D5B214D3DF2B3856576ED7EFE92D9A606C2D9D34E781018902AE75CE9C1E25007BB7F8D8F7B52997E6F05B845EF44BAF22F614FE899
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):24
                                                                                                                                                                                                                                                    Entropy (8bit):3.91829583405449
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:YWGifTJE6iHQ:YWGif9EE
                                                                                                                                                                                                                                                    MD5:3088F0272D29FAA42ED452C5E8120B08
                                                                                                                                                                                                                                                    SHA1:C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23
                                                                                                                                                                                                                                                    SHA-256:D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
                                                                                                                                                                                                                                                    SHA-512:B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Preview:{"schema":6,"addons":[]}
                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):24
                                                                                                                                                                                                                                                    Entropy (8bit):3.91829583405449
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:YWGifTJE6iHQ:YWGif9EE
                                                                                                                                                                                                                                                    MD5:3088F0272D29FAA42ED452C5E8120B08
                                                                                                                                                                                                                                                    SHA1:C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23
                                                                                                                                                                                                                                                    SHA-256:D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
                                                                                                                                                                                                                                                    SHA-512:B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Preview:{"schema":6,"addons":[]}
                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                    File Type:SQLite 3.x database, user version 5, last written using SQLite version 3042000, page size 32768, file counter 5, database pages 8, cookie 0x6, schema 4, largest root page 8, UTF-8, vacuum mode 1, version-valid-for 5
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):262144
                                                                                                                                                                                                                                                    Entropy (8bit):0.04905391753567332
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:DLivwae+Q8Uu50xj0aWe9LxYkKA25Q5tvAA:D6wae+QtMImelekKDa5
                                                                                                                                                                                                                                                    MD5:DD9D28E87ED57D16E65B14501B4E54D1
                                                                                                                                                                                                                                                    SHA1:793839B47326441BE2D1336BA9A61C9B948C578D
                                                                                                                                                                                                                                                    SHA-256:BB4E6C58C50BD6399ED70468C02B584595C29F010B66F864CD4D6B427FA365BC
                                                                                                                                                                                                                                                    SHA-512:A2626F6A3CBADE62E38DA5987729D99830D0C6AA134D4A9E615026A5F18ACBB11A2C3C80917DAD76DA90ED5BAA9B0454D4A3C2DD04436735E78C974BA1D035B1
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                    File Type:Mozilla lz4 compressed data, originally 56 bytes
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):66
                                                                                                                                                                                                                                                    Entropy (8bit):4.837595020998689
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt
                                                                                                                                                                                                                                                    MD5:A6338865EB252D0EF8FCF11FA9AF3F0D
                                                                                                                                                                                                                                                    SHA1:CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
                                                                                                                                                                                                                                                    SHA-256:078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
                                                                                                                                                                                                                                                    SHA-512:D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Preview:mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}
                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):36830
                                                                                                                                                                                                                                                    Entropy (8bit):5.185924656884556
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:768:wI43DvfWXf4E6C4p4EC4Y4QfEWvM4B4QS4z4444XQ4U:wUfdvk
                                                                                                                                                                                                                                                    MD5:5656BA69BD2966108A461AAE35F60226
                                                                                                                                                                                                                                                    SHA1:9C2E5AE52D82CEA43C4A5FFF205A7700CF54D61C
                                                                                                                                                                                                                                                    SHA-256:587596712960B26EAC18CB354CCD633FFDB218E374A9D59EFEA843914D7AB299
                                                                                                                                                                                                                                                    SHA-512:38F715AD9156558B5D57CA2E75FB0FFE0C5C6728BD94484B8F15E090120DDD02DCE42DBC9CC7143AD6552460A5F3A40E577FAF1D76D5D40B25CDBE636F250054
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Preview:{"schemaVersion":35,"addons":[{"id":"formautofill@mozilla.org","syncGUID":"{60024e8e-cfd0-41e5-965d-7128c7dcf0e8}","version":"1.0.1","type":"extension","loader":null,"updateURL":null,"installOrigins":null,"manifestVersion":2,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Form Autofill","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"embedderDisabled":false,"installDate":1695865283000,"updateDate":1695865283000,"applyBackgroundUpdates":1,"path":"C:\\Program Files\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi","skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"signedDate":null,"seen":true,"dependencies":[],"incognito":"
                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):32768
                                                                                                                                                                                                                                                    Entropy (8bit):0.017262956703125623
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                                                                                                                                                                                                    MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                                                                                                                                                                                                    SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                                                                                                                                                                                                    SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                                                                                                                                                                                                    SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1021904
                                                                                                                                                                                                                                                    Entropy (8bit):6.648417932394748
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:12288:vYLdTfFKbNSjv92eFN+3wH+NYriA0Iq6lh6VawYIpAvwHN/Uf1h47HAfg1oet:vYLdTZ923NYrjwNpgwef1hzfg1x
                                                                                                                                                                                                                                                    MD5:FE3355639648C417E8307C6D051E3E37
                                                                                                                                                                                                                                                    SHA1:F54602D4B4778DA21BC97C7238FC66AA68C8EE34
                                                                                                                                                                                                                                                    SHA-256:1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E
                                                                                                                                                                                                                                                    SHA-512:8F4030BB2464B98ECCBEA6F06EB186D7216932702D94F6B84C56419E9CF65A18309711AB342D1513BF85AED402BC3535A70DB4395874828F0D35C278DD2EAC9C
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                    Joe Sandbox View:
                                                                                                                                                                                                                                                    • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):116
                                                                                                                                                                                                                                                    Entropy (8bit):4.968220104601006
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:C3OuN9RAM7VDXcEzq+rEakOvTMBv+FdBAIABv+FEn:0BDUmHlvAWeWEn
                                                                                                                                                                                                                                                    MD5:3D33CDC0B3D281E67DD52E14435DD04F
                                                                                                                                                                                                                                                    SHA1:4DB88689282FD4F9E9E6AB95FCBB23DF6E6485DB
                                                                                                                                                                                                                                                    SHA-256:F526E9F98841D987606EFEAFF7F3E017BA9FD516C4BE83890C7F9A093EA4C47B
                                                                                                                                                                                                                                                    SHA-512:A4A96743332CC8EF0F86BC2E6122618BFC75ED46781DADBAC9E580CD73DF89E74738638A2CCCB4CAA4CBBF393D771D7F2C73F825737CDB247362450A0D4A4BC1
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Preview:Name: gmpopenh264.Description: GMP Plugin for OpenH264..Version: 1.8.1.APIs: encode-video[h264], decode-video[h264].
                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                    File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, file counter 4, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):98304
                                                                                                                                                                                                                                                    Entropy (8bit):0.07325323142902025
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:12:DBl/A0OWla0mwPxRymgObsCVR45wcYR4fmnsCVR4zkir:DLhesh7Owd4+jir
                                                                                                                                                                                                                                                    MD5:5E1F0CD6223730EC0CD9BED561C0DA2A
                                                                                                                                                                                                                                                    SHA1:691FFEF1F2B15D828BF2944ADD963727FA432E4A
                                                                                                                                                                                                                                                    SHA-256:8C50B57570D16DE0F3B9BECDFD67F42E19F8289A5F1B7E54484F3BF4A35C9F3E
                                                                                                                                                                                                                                                    SHA-512:E7D785C1208714DA4387E5DA3AB6B6CCF725D76EDF6A79BB541F10EA9E2BC96E96C7A9C432C0FCF7CA2A77228E5AF1C0F4697ED32232EE4D21CAFD0BA0821049
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):32768
                                                                                                                                                                                                                                                    Entropy (8bit):0.035615874395153645
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:GtlstFgIHxpmkES3S/3lstFgIHxpmkES3tlL89//alEl:GtWti0mkESCWti0mkESdx89XuM
                                                                                                                                                                                                                                                    MD5:947FDAF7E3FA09D6E78A0A7C8873FA27
                                                                                                                                                                                                                                                    SHA1:BD6F0898B0065E480DB07E5F118ABEECE7BA8BA0
                                                                                                                                                                                                                                                    SHA-256:51C3EAFE12A12F356F1086F5EDC30CBA6489BE017E81693824E0307EECE00410
                                                                                                                                                                                                                                                    SHA-512:875BCC2A8EDB2225772F350C1BDAE43A916B776CFCA2A3A2A4E09A514A91124028D5CC58DCCC4133236D897BDB07861B9F063A49B54D43DB255915002108FA53
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                    File Type:SQLite Write-Ahead Log, version 3007000
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):32824
                                                                                                                                                                                                                                                    Entropy (8bit):0.03987425719201705
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:Ol1JzFxMe/lo/fQtzev2U9h7l8rEXsxdwhml8XW3R2:KDFyKoO1ULl8dMhm93w
                                                                                                                                                                                                                                                    MD5:1F93D0BB993A94C8DFFD2339693DA175
                                                                                                                                                                                                                                                    SHA1:E80D1C21FD47ABEDD21C07213A06487DFC71B2D1
                                                                                                                                                                                                                                                    SHA-256:3C5784EA1D756D5F3646E063CC1D6BB5687D6D2B04529284A00A20FA0F29B2BB
                                                                                                                                                                                                                                                    SHA-512:7E732BB30A0042C010B7379E61465523F1A51C7002478352AED0FB0CF42EAD7214289B21C273FA268A745AC5F01E9FE6968B4D665F7F3DDDAFE07BED2DBB24A8
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                    File Type:ASCII text, with very long lines (1809), with CRLF line terminators
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):13254
                                                                                                                                                                                                                                                    Entropy (8bit):5.495829712095703
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:192:lnaRtLYbBp6Ohj4qyaaXJ6K9eNnJ5RfGNBw8dKSl:Iegq/eKdcwh0
                                                                                                                                                                                                                                                    MD5:D5ACE7F842BDDC487BFA18BB97676F2E
                                                                                                                                                                                                                                                    SHA1:7A9EC5BC2362BD5576EC4DA581ADDD8E020373DB
                                                                                                                                                                                                                                                    SHA-256:BC64A0F6CF6B63B4408616FF8280735EC170D324BD97CB58866A35C907B42039
                                                                                                                                                                                                                                                    SHA-512:FDCA4C3A15AEC8A843CFE47BB0ED4F98908465492681CE196531A8580B71037DB745D19029F0323261AA2A16595ED5A534B28E5A6636F4EE310FA76AB4725E77
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "57f16a19-e119-4073-bf01-28f88011f783");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 2);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1729714589);..user_pref("app.update.lastUpdateTime.background-update-timer", 1729714589);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1729714589);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 172971
                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                    File Type:SQLite 3.x database, user version 1, last written using SQLite version 3042000, page size 32768, file counter 5, database pages 2, cookie 0x1, schema 4, UTF-8, version-valid-for 5
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):65536
                                                                                                                                                                                                                                                    Entropy (8bit):0.04062825861060003
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:6:ltBl/l4/WN1h4BEJYqWvLue3FMOrMZ0l:DBl/WuntfJiFxMZO
                                                                                                                                                                                                                                                    MD5:18F65713B07CB441E6A98655B726D098
                                                                                                                                                                                                                                                    SHA1:2CEFA32BC26B25BE81C411B60C9925CB0F1F8F88
                                                                                                                                                                                                                                                    SHA-256:B6C268E48546B113551A5AF9CA86BB6A462A512DE6C9289315E125CEB0FD8621
                                                                                                                                                                                                                                                    SHA-512:A6871076C7D7ED53B630F9F144ED04303AD54A2E60B94ECA2AA96964D1AB375EEFDCA86CE0D3EB0E9DBB81470C6BD159877125A080C95EB17E54A52427F805FB
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):493
                                                                                                                                                                                                                                                    Entropy (8bit):4.968591541576308
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:12:YZFgM2RZFonIVHlW8cOlZGV1AQIYzvZcyBuLZ2d:YEASlCOlZGV1AQIWZcy6Z2d
                                                                                                                                                                                                                                                    MD5:FBE21D75AA94894DC24929C4269609B7
                                                                                                                                                                                                                                                    SHA1:43AFA00C3881CC2DABA048CEFDF9E8DCCC8EB5FF
                                                                                                                                                                                                                                                    SHA-256:EBECCE950AA9F37B0532ABA27C68943E992E8352FC5FFD3FABCB9CA7DBB4B81F
                                                                                                                                                                                                                                                    SHA-512:6099D54CEE1179321E3671995DE5E8D5405D2EDD3738B4DC0F1781D6A8818897B6BCBAC0944466B6C75D45D2EB976197EBF685FE5237F199E931EC2AC019CE1C
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Preview:{"type":"health","id":"bab36f8d-3b5d-4466-b97b-66b2c2c048af","creationDate":"2024-10-23T20:17:00.863Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"os":{"name":"WINNT","version":"10.0"},"reason":"immediate","sendFailure":{"eUnreachable":1}},"clientId":"65e71c9e-6ac3-4903-9066-b134350de32c"}
                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                    Category:modified
                                                                                                                                                                                                                                                    Size (bytes):493
                                                                                                                                                                                                                                                    Entropy (8bit):4.968591541576308
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:12:YZFgM2RZFonIVHlW8cOlZGV1AQIYzvZcyBuLZ2d:YEASlCOlZGV1AQIWZcy6Z2d
                                                                                                                                                                                                                                                    MD5:FBE21D75AA94894DC24929C4269609B7
                                                                                                                                                                                                                                                    SHA1:43AFA00C3881CC2DABA048CEFDF9E8DCCC8EB5FF
                                                                                                                                                                                                                                                    SHA-256:EBECCE950AA9F37B0532ABA27C68943E992E8352FC5FFD3FABCB9CA7DBB4B81F
                                                                                                                                                                                                                                                    SHA-512:6099D54CEE1179321E3671995DE5E8D5405D2EDD3738B4DC0F1781D6A8818897B6BCBAC0944466B6C75D45D2EB976197EBF685FE5237F199E931EC2AC019CE1C
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Preview:{"type":"health","id":"bab36f8d-3b5d-4466-b97b-66b2c2c048af","creationDate":"2024-10-23T20:17:00.863Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"os":{"name":"WINNT","version":"10.0"},"reason":"immediate","sendFailure":{"eUnreachable":1}},"clientId":"65e71c9e-6ac3-4903-9066-b134350de32c"}
                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):90
                                                                                                                                                                                                                                                    Entropy (8bit):4.194538242412464
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:YVXKQJAyiVLQwJtJDBA+AJ2LKZXJ3YFwHY:Y9KQOy6Lb1BA+m2L69Yr
                                                                                                                                                                                                                                                    MD5:C4AB2EE59CA41B6D6A6EA911F35BDC00
                                                                                                                                                                                                                                                    SHA1:5942CD6505FC8A9DABA403B082067E1CDEFDFBC4
                                                                                                                                                                                                                                                    SHA-256:00AD9799527C3FD21F3A85012565EAE817490F3E0D417413BF9567BB5909F6A2
                                                                                                                                                                                                                                                    SHA-512:71EA16900479E6AF161E0AAD08C8D1E9DED5868A8D848E7647272F3002E2F2013E16382B677ABE3C6F17792A26293B9E27EC78E16F00BD24BA3D21072BD1CAE2
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Preview:{"profile-after-change":true,"final-ui-startup":true,"sessionstore-windows-restored":true}
                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                    File Type:Mozilla lz4 compressed data, originally 5861 bytes
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1570
                                                                                                                                                                                                                                                    Entropy (8bit):6.33136721249899
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:v+USUGlcAxSANELXnIgD/pnxQwRlszT5sKtV3eHVQj6TSamhujJlOsIomNVrsDgX:GUpOxU1nR633eHTS4JlICR4
                                                                                                                                                                                                                                                    MD5:34EEC804A00FEE3C1A5EB017A7C9B5BC
                                                                                                                                                                                                                                                    SHA1:732782C5B1DDEC7DE3051D399A4FD1335EB4F7F7
                                                                                                                                                                                                                                                    SHA-256:328BEEF1D8E710F354395B93E6CD90AD9572F42AB64A2E20201FABD54B66E319
                                                                                                                                                                                                                                                    SHA-512:7D936433F745E94D905992C787F16600CC3860DCD75869322F7EBE6738815498FF625FDF9CD377553176F52CC65CA174EA9355F47E966E0C7B0D750CD32CA3C8
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Preview:mozLz40.......{"version":["ses....restore",1],"windows":[{"tab..bentrie....url":"https://youtube.com/account?=.....rs.googl%...v3/signin/challenge/pwd","title[.C..cacheKey":0,"ID":6,"docshellUU...D"{19f01daa-71a3-447a-adeb-11ceabdf9a49}","resultPrincipalURI":null,"hasUserInteracte...true,"triggering8.p_base64z..\"3\":{}^...docIdentifier":7,"persistK..+}],"lastAccessed":1729714595107,"hidden":false,"searchMode...userContextId...attribut...{},"index":1...questedI..p0,"imag....chrome://global/skin/icons/warning.svg"..aselect...,"_closedTZ.@],"_...C..`GroupCF..":-1,"busy...t...Flags":2167541758....dth":1164,"height":891,"screenX":4...Y..Aizem..."maximize......BeforeMin...&..workspace9...1a5ccf63-1000-409f-b5c1-afec7f75d4d9","zD..1...Wm..l........j..:....1":{..mUpdate...startTim..P59365...centCrash..B0},".....Dcook.. hoc..."addons.mozilla.org","valu...A8bad2467092e6ddeb0dfa9e5ea54d86d26790ca7ba2ce88d10cb4604fe726755","path":"/","na..a"taarI|.Recure...,`.Donly..fexpiry...63708,"originA...."f
                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                    File Type:SQLite 3.x database, user version 131075, last written using SQLite version 3042000, page size 512, file counter 6, database pages 8, cookie 0x4, schema 4, UTF-8, version-valid-for 6
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                                                                                                    Entropy (8bit):2.0836444556178684
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:JBwdh/cEUcR9PzNFPFHx/GJRBdkOrDcRB1trwDeAq2gRMyxr3:jnEUo9LXtR+JdkOnohYsl
                                                                                                                                                                                                                                                    MD5:8B40B1534FF0F4B533AF767EB5639A05
                                                                                                                                                                                                                                                    SHA1:63EDB539EA39AD09D701A36B535C4C087AE08CC9
                                                                                                                                                                                                                                                    SHA-256:AF275A19A5C2C682139266065D90C237282274D11C5619A121B7BDBDB252861B
                                                                                                                                                                                                                                                    SHA-512:54AF707698CED33C206B1B193DA414D630901762E88E37E99885A50D4D5F8DDC28367C9B401DFE251CF0552B4FA446EE28F78A97C9096AFB0F2898BFBB673B53
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):4537
                                                                                                                                                                                                                                                    Entropy (8bit):5.032922336133227
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:48:YrSAYZ6UQZpExB1+anOsW4Vh351VxWRzzc8eYMsku7f86SLAVL7if5FtsfAcbyJW:ycZyTEr5QFRzzcMvbw6KkCrrc2Rn27
                                                                                                                                                                                                                                                    MD5:D3E51A3F060F6330917199A7CE9F83F5
                                                                                                                                                                                                                                                    SHA1:F6D2C4B4E81459CFAB9FA28F2D9C3270D0F4F311
                                                                                                                                                                                                                                                    SHA-256:F6F502DA929BCB17FFC5C104B08AC89B771B665B88C58A7805D4BC432E4F5D05
                                                                                                                                                                                                                                                    SHA-512:7EC3FD719BC349B837E7C2BA2E50415B7353C27244FEDF23C1A8DB849DEBCF77DC04B34EAEC65017C492F437D5463DFDEA49ACD62CF8C869AA98D5475852BA68
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Preview:{"environment":{"locale":"en-US","localeLanguageCode":"en","browserSettings":{"update":{"channel":"release","enabled":true,"autoDownload":true,"background":true}},"attributionData":{"campaign":"%2528not%2Bset%2529","content":"%2528not%2Bset%2529","dlsource":"mozorg","dltoken":"cd09ae95-e2cf-4b8b-8929-791b0dd48cdd","experiment":"%2528not%2Bset%2529","medium":"referral","source":"www.google.com","ua":"chrome","variation":"%2528not%2Bset%2529"},"currentDate":"2024-10-23T20:16:08.401Z","profileAgeCreated":1696333826043,"usesFirefoxSync":false,"isFxAEnabled":true,"isFxASignedIn":false,"sync":{"desktopDevices":0,"mobileDevices":0,"totalDevices":0},"xpinstallEnabled":true,"addonsInfo":{"addons":{"formautofill@mozilla.org":{"version":"1.0.1","type":"extension","isSystem":true,"isWebExtension":true,"name":"Form Autofill","userDisabled":false,"installDate":"2023-09-28T01:41:23.000Z"},"pictureinpicture@mozilla.org":{"version":"1.0.0","type":"extension","isSystem":true,"isWebExtension":true,"name"
                                                                                                                                                                                                                                                    File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                    Entropy (8bit):6.584681620789564
                                                                                                                                                                                                                                                    TrID:
                                                                                                                                                                                                                                                    • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                                                    • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                                    • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                                                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                                    File name:file.exe
                                                                                                                                                                                                                                                    File size:919'552 bytes
                                                                                                                                                                                                                                                    MD5:46686bc4d44f9895b418d26ddfae6ad2
                                                                                                                                                                                                                                                    SHA1:02085f499a4d5d6ce5b951e734f50460b8620aff
                                                                                                                                                                                                                                                    SHA256:29b8dd6eca8c2ab49050c72c74b7381ff3639c3c7beea308b503a23e08c55819
                                                                                                                                                                                                                                                    SHA512:5647c1ccfd519acb043c5f9325ed564b17151b7b0c0e82185afae346f28349f717301d4d008fa592e680a875413d91e3b0163568a49fdf1191537d342dbe001f
                                                                                                                                                                                                                                                    SSDEEP:12288:jqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDga/Tc:jqDEvCTbMWu7rQYlBQcBiT6rprG8abc
                                                                                                                                                                                                                                                    TLSH:58159E0273D1C062FFAB92334B5AF6515BBC69260123E61F13981DB9BE701B1563E7A3
                                                                                                                                                                                                                                                    File Content Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......................j:......j:..C...j:......@.*...............................n.......~.............{.......{.......{.........z....
                                                                                                                                                                                                                                                    Icon Hash:aaf3e3e3938382a0
                                                                                                                                                                                                                                                    Entrypoint:0x420577
                                                                                                                                                                                                                                                    Entrypoint Section:.text
                                                                                                                                                                                                                                                    Digitally signed:false
                                                                                                                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                                                                                                                    Subsystem:windows gui
                                                                                                                                                                                                                                                    Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                                                                                                                                                                                                                    DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                                    Time Stamp:0x67193CD4 [Wed Oct 23 18:13:40 2024 UTC]
                                                                                                                                                                                                                                                    TLS Callbacks:
                                                                                                                                                                                                                                                    CLR (.Net) Version:
                                                                                                                                                                                                                                                    OS Version Major:5
                                                                                                                                                                                                                                                    OS Version Minor:1
                                                                                                                                                                                                                                                    File Version Major:5
                                                                                                                                                                                                                                                    File Version Minor:1
                                                                                                                                                                                                                                                    Subsystem Version Major:5
                                                                                                                                                                                                                                                    Subsystem Version Minor:1
                                                                                                                                                                                                                                                    Import Hash:948cc502fe9226992dce9417f952fce3
                                                                                                                                                                                                                                                    Instruction
                                                                                                                                                                                                                                                    call 00007F77B541A413h
                                                                                                                                                                                                                                                    jmp 00007F77B5419D1Fh
                                                                                                                                                                                                                                                    push ebp
                                                                                                                                                                                                                                                    mov ebp, esp
                                                                                                                                                                                                                                                    push esi
                                                                                                                                                                                                                                                    push dword ptr [ebp+08h]
                                                                                                                                                                                                                                                    mov esi, ecx
                                                                                                                                                                                                                                                    call 00007F77B5419EFDh
                                                                                                                                                                                                                                                    mov dword ptr [esi], 0049FDF0h
                                                                                                                                                                                                                                                    mov eax, esi
                                                                                                                                                                                                                                                    pop esi
                                                                                                                                                                                                                                                    pop ebp
                                                                                                                                                                                                                                                    retn 0004h
                                                                                                                                                                                                                                                    and dword ptr [ecx+04h], 00000000h
                                                                                                                                                                                                                                                    mov eax, ecx
                                                                                                                                                                                                                                                    and dword ptr [ecx+08h], 00000000h
                                                                                                                                                                                                                                                    mov dword ptr [ecx+04h], 0049FDF8h
                                                                                                                                                                                                                                                    mov dword ptr [ecx], 0049FDF0h
                                                                                                                                                                                                                                                    ret
                                                                                                                                                                                                                                                    push ebp
                                                                                                                                                                                                                                                    mov ebp, esp
                                                                                                                                                                                                                                                    push esi
                                                                                                                                                                                                                                                    push dword ptr [ebp+08h]
                                                                                                                                                                                                                                                    mov esi, ecx
                                                                                                                                                                                                                                                    call 00007F77B5419ECAh
                                                                                                                                                                                                                                                    mov dword ptr [esi], 0049FE0Ch
                                                                                                                                                                                                                                                    mov eax, esi
                                                                                                                                                                                                                                                    pop esi
                                                                                                                                                                                                                                                    pop ebp
                                                                                                                                                                                                                                                    retn 0004h
                                                                                                                                                                                                                                                    and dword ptr [ecx+04h], 00000000h
                                                                                                                                                                                                                                                    mov eax, ecx
                                                                                                                                                                                                                                                    and dword ptr [ecx+08h], 00000000h
                                                                                                                                                                                                                                                    mov dword ptr [ecx+04h], 0049FE14h
                                                                                                                                                                                                                                                    mov dword ptr [ecx], 0049FE0Ch
                                                                                                                                                                                                                                                    ret
                                                                                                                                                                                                                                                    push ebp
                                                                                                                                                                                                                                                    mov ebp, esp
                                                                                                                                                                                                                                                    push esi
                                                                                                                                                                                                                                                    mov esi, ecx
                                                                                                                                                                                                                                                    lea eax, dword ptr [esi+04h]
                                                                                                                                                                                                                                                    mov dword ptr [esi], 0049FDD0h
                                                                                                                                                                                                                                                    and dword ptr [eax], 00000000h
                                                                                                                                                                                                                                                    and dword ptr [eax+04h], 00000000h
                                                                                                                                                                                                                                                    push eax
                                                                                                                                                                                                                                                    mov eax, dword ptr [ebp+08h]
                                                                                                                                                                                                                                                    add eax, 04h
                                                                                                                                                                                                                                                    push eax
                                                                                                                                                                                                                                                    call 00007F77B541CABDh
                                                                                                                                                                                                                                                    pop ecx
                                                                                                                                                                                                                                                    pop ecx
                                                                                                                                                                                                                                                    mov eax, esi
                                                                                                                                                                                                                                                    pop esi
                                                                                                                                                                                                                                                    pop ebp
                                                                                                                                                                                                                                                    retn 0004h
                                                                                                                                                                                                                                                    lea eax, dword ptr [ecx+04h]
                                                                                                                                                                                                                                                    mov dword ptr [ecx], 0049FDD0h
                                                                                                                                                                                                                                                    push eax
                                                                                                                                                                                                                                                    call 00007F77B541CB08h
                                                                                                                                                                                                                                                    pop ecx
                                                                                                                                                                                                                                                    ret
                                                                                                                                                                                                                                                    push ebp
                                                                                                                                                                                                                                                    mov ebp, esp
                                                                                                                                                                                                                                                    push esi
                                                                                                                                                                                                                                                    mov esi, ecx
                                                                                                                                                                                                                                                    lea eax, dword ptr [esi+04h]
                                                                                                                                                                                                                                                    mov dword ptr [esi], 0049FDD0h
                                                                                                                                                                                                                                                    push eax
                                                                                                                                                                                                                                                    call 00007F77B541CAF1h
                                                                                                                                                                                                                                                    test byte ptr [ebp+08h], 00000001h
                                                                                                                                                                                                                                                    pop ecx
                                                                                                                                                                                                                                                    Programming Language:
                                                                                                                                                                                                                                                    • [ C ] VS2008 SP1 build 30729
                                                                                                                                                                                                                                                    • [IMP] VS2008 SP1 build 30729
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc8e64 | 0x17c | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xd4000 | 0x9c28 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xde000 | 0x7594 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xb0ff0 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0xc3400 | 0x18 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xb1010 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x9c000 | 0x894 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x9ab1d | 0x9ac00 | 0a1473f3064dcbc32ef93c5c8a90f3a6 | False | 0.565500681542811 | data | 6.668273581389308 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x9c000 | 0x2fb82 | 0x2fc00 | c9cf2468b60bf4f80f136ed54b3989fb | False | 0.35289185209424084 | data | 5.691811547483722 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xcc000 | 0x706c | 0x4800 | 53b9025d545d65e23295e30afdbd16d9 | False | 0.04356553819444445 | DOS executable (block device driver @\273\) | 0.5846666986982398 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0xd4000 | 0x9c28 | 0x9e00 | 541a7b578b015c3dc4caa35b45feeed9 | False | 0.3156398338607595 | data | 5.373650609242754 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xde000 | 0x7594 | 0x7600 | c68ee8931a32d45eb82dc450ee40efc3 | False | 0.7628111758474576 | data | 6.7972128181359786 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xd45a8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216
RT_ICON | 0xd46d0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027
RT_ICON | 0xd47f8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135
RT_ICON | 0xd4920 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 0 | English | Great Britain | 0.3333333333333333
RT_ICON | 0xd4c08 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 0 | English | Great Britain | 0.5
RT_ICON | 0xd4d30 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | English | Great Britain | 0.2835820895522388
RT_ICON | 0xd5bd8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | English | Great Britain | 0.37906137184115524
RT_ICON | 0xd6480 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | English | Great Britain | 0.23699421965317918
RT_ICON | 0xd69e8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | Great Britain | 0.13858921161825727
RT_ICON | 0xd8f90 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | Great Britain | 0.25070356472795496
RT_ICON | 0xda038 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | Great Britain | 0.3173758865248227
RT_MENU | 0xda4a0 | 0x50 | data | English | Great Britain | 0.9
RT_STRING | 0xda4f0 | 0x594 | data | English | Great Britain | 0.3333333333333333
RT_STRING | 0xdaa84 | 0x68a | data | English | Great Britain | 0.2735961768219833
RT_STRING | 0xdb110 | 0x490 | data | English | Great Britain | 0.3715753424657534
RT_STRING | 0xdb5a0 | 0x5fc | data | English | Great Britain | 0.3087467362924282
RT_STRING | 0xdbb9c | 0x65c | data | English | Great Britain | 0.34336609336609336
RT_STRING | 0xdc1f8 | 0x466 | data | English | Great Britain | 0.3605683836589698
RT_STRING | 0xdc660 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | Great Britain | 0.502906976744186
RT_RCDATA | 0xdc7b8 | 0xef0 | data |  |  | 1.0028765690376569
RT_GROUP_ICON | 0xdd6a8 | 0x76 | data | English | Great Britain | 0.6610169491525424
RT_GROUP_ICON | 0xdd720 | 0x14 | data | English | Great Britain | 1.25
RT_GROUP_ICON | 0xdd734 | 0x14 | data | English | Great Britain | 1.15
RT_GROUP_ICON | 0xdd748 | 0x14 | data | English | Great Britain | 1.25
RT_VERSION | 0xdd75c | 0xdc | data | English | Great Britain | 0.6181818181818182
RT_MANIFEST | 0xdd838 | 0x3ef | ASCII text, with CRLF line terminators | English | Great Britain | 0.5074478649453823
DLL | Import
WSOCK32.dll | gethostbyname, recv, send, socket, inet_ntoa, setsockopt, ntohs, WSACleanup, WSAStartup, sendto, htons, __WSAFDIsSet, select, accept, listen, bind, inet_addr, ioctlsocket, recvfrom, WSAGetLastError, closesocket, gethostname, connect
VERSION.dll | GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
WINMM.dll | timeGetTime, waveOutSetVolume, mciSendStringW
COMCTL32.dll | ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create
MPR.dll | WNetGetConnectionW, WNetCancelConnection2W, WNetUseConnectionW, WNetAddConnection2W
WININET.dll | HttpOpenRequestW, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, InternetConnectW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetQueryDataAvailable
PSAPI.DLL | GetProcessMemoryInfo
IPHLPAPI.DLL | IcmpSendEcho, IcmpCloseHandle, IcmpCreateFile
USERENV.dll | DestroyEnvironmentBlock, LoadUserProfileW, CreateEnvironmentBlock, UnloadUserProfile
UxTheme.dll | IsThemeActive
KERNEL32.dll | DuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetShortPathNameW, DeleteFileW, IsDebuggerPresent, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, LoadResource, LockResource, SizeofResource, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, LoadLibraryW, GetLocalTime, CompareStringW, GetCurrentThread, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, VirtualAlloc, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, ResetEvent, WaitForSingleObjectEx, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, CloseHandle, GetFullPathNameW, GetStartupInfoW, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwind, SetLastError, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, ResumeThread, FreeLibraryAndExitThread, GetACP, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetStringTypeW, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, ReadConsoleW, GetTimeZoneInformation, FindFirstFileExW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SetCurrentDirectoryW, FindNextFileW, WriteConsoleW
USER32.dll | GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, PeekMessageW, GetInputState, UnregisterHotKey, CharLowerBuffW, MonitorFromPoint, MonitorFromRect, LoadImageW, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, ClientToScreen, GetCursorPos, DeleteMenu, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, LockWindowUpdate, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, RegisterHotKey, GetCursorInfo, SetWindowPos, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, TrackPopupMenuEx, GetMessageW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, DispatchMessageW, keybd_event, TranslateMessage, ScreenToClient
GDI32.dll | EndPath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, GetDeviceCaps, SetPixel, CloseFigure, LineTo, AngleArc, MoveToEx, Ellipse, CreateCompatibleBitmap, CreateCompatibleDC, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, SelectObject, StretchBlt, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, GetDIBits, StrokePath
COMDLG32.dll | GetSaveFileNameW, GetOpenFileNameW
ADVAPI32.dll | GetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, RegCreateKeyExW, GetSecurityDescriptorDacl, GetAclInformation, GetUserNameW, AddAce, SetSecurityDescriptorDacl, InitiateSystemShutdownExW
SHELL32.dll | DragFinish, DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW
ole32.dll | CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket
OLEAUT32.dll | CreateStdDispatch, CreateDispTypeInfo, UnRegisterTypeLib, UnRegisterTypeLibForUser, RegisterTypeLibForUser, RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, VariantChangeType, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysStringLen, QueryPathOfRegTypeLib, SysAllocString, VariantInit, VariantClear, DispCallFunc, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, SafeArrayDestroyDescriptor, VariantCopy, OleLoadPicture
Language of compilation system | Country where language is spoken
English | Great Britain
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:13.117964983 CEST44349739142.250.186.46192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:13.118092060 CEST4974080192.168.2.434.107.221.82
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:13.124212027 CEST804974034.107.221.82192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:13.739753008 CEST804974034.107.221.82192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:13.766897917 CEST44349738142.250.186.46192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:13.767790079 CEST49738443192.168.2.4142.250.186.46
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:13.767915010 CEST44349738142.250.186.46192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:13.768584967 CEST49738443192.168.2.4142.250.186.46
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:13.773447990 CEST49738443192.168.2.4142.250.186.46
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:13.773458004 CEST44349738142.250.186.46192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:13.773567915 CEST49738443192.168.2.4142.250.186.46
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:13.773819923 CEST44349738142.250.186.46192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:13.774552107 CEST49738443192.168.2.4142.250.186.46
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:13.784214020 CEST4974080192.168.2.434.107.221.82
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:13.898379087 CEST49741443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:13.898468018 CEST4434974134.117.188.166192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:13.898583889 CEST49741443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:13.899945974 CEST49741443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:13.899986029 CEST4434974134.117.188.166192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:13.950440884 CEST4974280192.168.2.434.107.221.82
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:13.955938101 CEST804974234.107.221.82192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:13.966026068 CEST4974280192.168.2.434.107.221.82
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:13.966145039 CEST4974280192.168.2.434.107.221.82
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:13.971458912 CEST804974234.107.221.82192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:13.972081900 CEST49743443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:13.972170115 CEST4434974334.117.188.166192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:13.972568989 CEST49743443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:13.973952055 CEST49743443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:13.973989010 CEST4434974334.117.188.166192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:13.974256992 CEST49744443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:13.974287987 CEST4434974435.244.181.201192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:13.974386930 CEST49744443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:13.974482059 CEST49744443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:13.974493027 CEST4434974435.244.181.201192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:14.005652905 CEST44349739142.250.186.46192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:14.005693913 CEST44349739142.250.186.46192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:14.007460117 CEST44349739142.250.186.46192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:14.011086941 CEST49739443192.168.2.4142.250.186.46
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:14.011132002 CEST44349739142.250.186.46192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:14.015216112 CEST49739443192.168.2.4142.250.186.46
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:14.015254021 CEST44349739142.250.186.46192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:14.015376091 CEST49739443192.168.2.4142.250.186.46
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:14.015526056 CEST44349739142.250.186.46192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:14.015789986 CEST49745443192.168.2.4142.250.186.46
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:14.015821934 CEST44349745142.250.186.46192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:14.015925884 CEST49739443192.168.2.4142.250.186.46
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:14.015948057 CEST49745443192.168.2.4142.250.186.46
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:14.017415047 CEST49745443192.168.2.4142.250.186.46
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:14.017435074 CEST44349745142.250.186.46192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:14.116637945 CEST49746443192.168.2.434.160.144.191
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:14.116682053 CEST4434974634.160.144.191192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:14.131442070 CEST49746443192.168.2.434.160.144.191
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:14.134763002 CEST49746443192.168.2.434.160.144.191
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:14.134787083 CEST4434974634.160.144.191192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:14.366053104 CEST49748443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:14.366101980 CEST4434974834.107.243.93192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:14.374414921 CEST49748443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:14.375945091 CEST49748443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:14.375966072 CEST4434974834.107.243.93192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:14.484879017 CEST49749443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:14.484967947 CEST4434974935.244.181.201192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:14.492074966 CEST49749443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:14.500521898 CEST49749443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:14.500607967 CEST4434974935.244.181.201192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:14.520683050 CEST4434974134.117.188.166192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:14.520823002 CEST49741443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:14.524854898 CEST49741443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:14.524856091 CEST49741443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:14.524913073 CEST4434974134.117.188.166192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:14.525091887 CEST49750443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:14.525145054 CEST4434975034.117.188.166192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:14.525216103 CEST4434974134.117.188.166192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:14.525494099 CEST49741443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:14.525625944 CEST49750443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:14.526760101 CEST49750443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:14.526788950 CEST4434975034.117.188.166192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:14.563808918 CEST804974234.107.221.82192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:14.581851959 CEST4434974435.244.181.201192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:14.582058907 CEST49744443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:14.584498882 CEST49744443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:14.584521055 CEST4434974435.244.181.201192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:14.584955931 CEST4434974435.244.181.201192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:14.586741924 CEST49744443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:14.586803913 CEST49744443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:14.586925983 CEST49744443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:14.594369888 CEST4434974334.117.188.166192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:14.599340916 CEST4434974334.117.188.166192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:14.600852013 CEST49743443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:14.604840994 CEST49743443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:17.330673933 CEST4434975734.117.188.166192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:17.335346937 CEST4434975734.117.188.166192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:17.339334965 CEST49757443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:17.339394093 CEST4975380192.168.2.434.107.221.82
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:17.353296995 CEST49757443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:17.353296995 CEST49757443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:17.353326082 CEST4434975734.117.188.166192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:17.354007006 CEST4434975734.117.188.166192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:17.354327917 CEST49757443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:17.711956978 CEST804975834.107.221.82192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:17.756155968 CEST4975880192.168.2.434.107.221.82
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:17.789722919 CEST4434975934.120.208.123192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:17.795341969 CEST4434975934.120.208.123192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:17.803200960 CEST49759443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:17.998490095 CEST49759443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:17.998516083 CEST4434975934.120.208.123192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:17.998562098 CEST49759443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:17.998883963 CEST4434975934.120.208.123192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:18.001492023 CEST49759443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:18.349487066 CEST4975880192.168.2.434.107.221.82
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:18.355179071 CEST804975834.107.221.82192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:18.358927965 CEST49760443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:18.358958960 CEST4434976034.149.100.209192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:18.359291077 CEST49760443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:18.360522032 CEST49760443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:18.360539913 CEST4434976034.149.100.209192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:18.477904081 CEST804975834.107.221.82192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:18.506578922 CEST4975380192.168.2.434.107.221.82
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:18.512223005 CEST804975334.107.221.82192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:18.529669046 CEST4975880192.168.2.434.107.221.82
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:18.632184982 CEST804975334.107.221.82192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:18.683346987 CEST4975380192.168.2.434.107.221.82
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:18.834152937 CEST49761443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:18.834235907 CEST4434976134.120.208.123192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:18.846168995 CEST49761443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:18.849678993 CEST49761443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:18.849766016 CEST4434976134.120.208.123192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:18.880685091 CEST4975880192.168.2.434.107.221.82
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:18.886193037 CEST804975834.107.221.82192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:19.003248930 CEST4434976034.149.100.209192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:19.003329992 CEST49760443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:19.008115053 CEST804975834.107.221.82192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:19.051232100 CEST4975880192.168.2.434.107.221.82
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:19.083523035 CEST49760443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:19.083556890 CEST4434976034.149.100.209192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:19.083648920 CEST49760443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:19.084038019 CEST49762443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:19.084069014 CEST4434976234.149.100.209192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:19.084142923 CEST49762443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:19.084158897 CEST4434976034.149.100.209192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:19.085525036 CEST49762443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:19.085537910 CEST4434976234.149.100.209192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:19.085604906 CEST49760443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:19.467009068 CEST4434976134.120.208.123192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:19.467029095 CEST4434976134.120.208.123192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:19.467214108 CEST49761443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:19.472059011 CEST49761443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:19.472059965 CEST49761443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:19.472117901 CEST4434976134.120.208.123192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:19.472368002 CEST4434976134.120.208.123192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:19.472446918 CEST49761443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:19.701186895 CEST4434976234.149.100.209192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:19.701281071 CEST49762443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:19.819806099 CEST49762443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:19.819833040 CEST4434976234.149.100.209192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:19.819905043 CEST49762443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:19.820348024 CEST4434976234.149.100.209192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:19.820411921 CEST49762443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:24.420628071 CEST49766443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:24.420715094 CEST4434976634.149.100.209192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:24.421242952 CEST49766443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:24.422625065 CEST49766443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:24.422663927 CEST4434976634.149.100.209192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:25.046992064 CEST4434976634.149.100.209192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:25.050473928 CEST49766443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:25.058928967 CEST49766443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:25.059006929 CEST4434976634.149.100.209192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:25.059102058 CEST49766443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:25.059370041 CEST4434976634.149.100.209192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:25.059525013 CEST49768443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:25.059554100 CEST4434976834.149.100.209192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:25.059720039 CEST49766443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:25.059791088 CEST49768443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:25.060908079 CEST49768443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:25.060925961 CEST4434976834.149.100.209192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:25.155473948 CEST4975380192.168.2.434.107.221.82
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:25.160958052 CEST804975334.107.221.82192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:25.281986952 CEST804975334.107.221.82192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:25.323968887 CEST4975380192.168.2.434.107.221.82
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:30.319613934 CEST49777443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:30.321188927 CEST804975334.107.221.82192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:30.321599007 CEST49777443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:30.321618080 CEST4434977734.120.208.123192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:30.441837072 CEST804975334.107.221.82192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:30.488899946 CEST4975380192.168.2.434.107.221.82
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:30.678812981 CEST4975880192.168.2.434.107.221.82
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:30.684819937 CEST804975834.107.221.82192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:30.807081938 CEST804975834.107.221.82192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:30.858830929 CEST4975880192.168.2.434.107.221.82
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:30.944719076 CEST4434977734.120.208.123192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:30.944801092 CEST49777443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:30.950368881 CEST49777443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:30.950380087 CEST4434977734.120.208.123192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:30.950587988 CEST49777443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:30.950588942 CEST4434977734.120.208.123192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:30.950603008 CEST4434977734.120.208.123192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:30.953176975 CEST4975380192.168.2.434.107.221.82
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:30.955677986 CEST49778443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:30.955738068 CEST4434977834.120.208.123192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:30.956031084 CEST49778443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:30.957657099 CEST49778443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:30.957688093 CEST4434977834.120.208.123192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:30.958673954 CEST804975334.107.221.82192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:31.080166101 CEST804975334.107.221.82192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:31.087707043 CEST4975880192.168.2.434.107.221.82
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:31.093039036 CEST804975834.107.221.82192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:31.144165039 CEST4975380192.168.2.434.107.221.82
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:31.159334898 CEST4434977734.120.208.123192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:31.159401894 CEST49777443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:31.215122938 CEST804975834.107.221.82192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:31.259995937 CEST4975880192.168.2.434.107.221.82
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:31.578905106 CEST4434977834.120.208.123192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:31.579096079 CEST49778443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:31.583498001 CEST49778443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:31.583525896 CEST4434977834.120.208.123192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:31.583601952 CEST49778443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:31.583719015 CEST4434977834.120.208.123192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:31.584753990 CEST49778443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:31.586211920 CEST4975380192.168.2.434.107.221.82
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:31.591859102 CEST804975334.107.221.82192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:31.712085962 CEST804975334.107.221.82192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:31.716715097 CEST4975880192.168.2.434.107.221.82
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:31.722987890 CEST804975834.107.221.82192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:31.760368109 CEST4975380192.168.2.434.107.221.82
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:31.846529007 CEST804975834.107.221.82192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:31.901432991 CEST4975880192.168.2.434.107.221.82
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:37.251584053 CEST49779443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:37.251652002 CEST4434977934.107.243.93192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:37.251744986 CEST49779443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:37.253154039 CEST49779443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:37.253189087 CEST4434977934.107.243.93192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:37.890088081 CEST4434977934.107.243.93192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:37.890168905 CEST49779443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:37.894267082 CEST49779443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:37.894290924 CEST4434977934.107.243.93192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:37.894356012 CEST49779443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:37.894453049 CEST4434977934.107.243.93192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:37.894928932 CEST49779443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:37.897897005 CEST4975380192.168.2.434.107.221.82
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:37.903395891 CEST804975334.107.221.82192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:38.023897886 CEST804975334.107.221.82192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:38.029443026 CEST4975880192.168.2.434.107.221.82
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:38.035171032 CEST804975834.107.221.82192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:38.072438002 CEST4975380192.168.2.434.107.221.82
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:38.157402992 CEST804975834.107.221.82192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:38.204016924 CEST4975880192.168.2.434.107.221.82
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:39.824351072 CEST49780443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:39.824466944 CEST4434978035.244.181.201192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:39.824554920 CEST49780443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:39.824666023 CEST49780443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:39.824687958 CEST4434978035.244.181.201192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:39.839072943 CEST49781443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:39.839157104 CEST4434978134.149.100.209192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:39.839709044 CEST49781443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:39.839829922 CEST49781443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:39.839854002 CEST4434978134.149.100.209192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:39.845218897 CEST49782443192.168.2.4151.101.193.91
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:39.845252991 CEST44349782151.101.193.91192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:39.845312119 CEST49782443192.168.2.4151.101.193.91
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:39.845400095 CEST49782443192.168.2.4151.101.193.91
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:39.845412016 CEST44349782151.101.193.91192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:39.864504099 CEST49783443192.168.2.435.190.72.216
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:39.864561081 CEST4434978335.190.72.216192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:39.869621038 CEST49783443192.168.2.435.190.72.216
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:39.870949030 CEST49783443192.168.2.435.190.72.216
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:39.870965004 CEST4434978335.190.72.216192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:39.881721973 CEST49784443192.168.2.435.201.103.21
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:39.881808043 CEST4434978435.201.103.21192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:41.350709915 CEST4975380192.168.2.434.107.221.82
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:41.436229944 CEST804975834.107.221.82192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:41.482096910 CEST4975880192.168.2.434.107.221.82
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:42.814476967 CEST59451443192.168.2.4142.250.113.100
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:42.814559937 CEST44359451142.250.113.100192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:42.814816952 CEST59451443192.168.2.4142.250.113.100
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:42.814913988 CEST59451443192.168.2.4142.250.113.100
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:42.814933062 CEST44359451142.250.113.100192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:43.444992065 CEST44359451142.250.113.100192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:43.445081949 CEST59451443192.168.2.4142.250.113.100
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:43.446055889 CEST44359451142.250.113.100192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:43.446134090 CEST59451443192.168.2.4142.250.113.100
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:43.449022055 CEST59451443192.168.2.4142.250.113.100
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:43.449049950 CEST44359451142.250.113.100192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:43.449461937 CEST44359451142.250.113.100192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:43.451009035 CEST59451443192.168.2.4142.250.113.100
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:43.451090097 CEST59451443192.168.2.4142.250.113.100
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:43.451217890 CEST44359451142.250.113.100192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:43.451277971 CEST59451443192.168.2.4142.250.113.100
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:43.454896927 CEST4975380192.168.2.434.107.221.82
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:43.460383892 CEST804975334.107.221.82192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:43.581249952 CEST804975334.107.221.82192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:43.584256887 CEST4975880192.168.2.434.107.221.82
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:43.589919090 CEST804975834.107.221.82192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:43.641580105 CEST4975380192.168.2.434.107.221.82
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:43.712589025 CEST804975834.107.221.82192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:43.756064892 CEST4975880192.168.2.434.107.221.82
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:53.585805893 CEST4975380192.168.2.434.107.221.82
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:53.591295958 CEST804975334.107.221.82192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:53.717246056 CEST4975880192.168.2.434.107.221.82
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:53.722893000 CEST804975834.107.221.82192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:58.036005974 CEST59452443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:58.036098957 CEST4435945234.107.243.93192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:58.040457010 CEST59452443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:58.047281981 CEST59452443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:58.047334909 CEST4435945234.107.243.93192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:58.664537907 CEST4435945234.107.243.93192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:58.679362059 CEST4435945234.107.243.93192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:58.685686111 CEST59452443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:58.697715998 CEST59452443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:58.697745085 CEST4435945234.107.243.93192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:58.698079109 CEST4435945234.107.243.93192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:58.699048042 CEST59452443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:58.699079037 CEST4435945234.107.243.93192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:58.710145950 CEST4975380192.168.2.434.107.221.82
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:58.715893030 CEST804975334.107.221.82192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:58.837169886 CEST804975334.107.221.82192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:58.840570927 CEST4975880192.168.2.434.107.221.82
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:58.846328974 CEST804975834.107.221.82192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:58.886149883 CEST4975380192.168.2.434.107.221.82
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:58.903362036 CEST4435945234.107.243.93192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:58.903551102 CEST59452443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:58.968713045 CEST804975834.107.221.82192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:59.017600060 CEST4975880192.168.2.434.107.221.82
                                                                                                                                                                                                                                                    Oct 23, 2024 20:30:08.845812082 CEST4975380192.168.2.434.107.221.82
                                                                                                                                                                                                                                                    Oct 23, 2024 20:30:08.854038000 CEST804975334.107.221.82192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:30:08.969619989 CEST4975880192.168.2.434.107.221.82
                                                                                                                                                                                                                                                    Oct 23, 2024 20:30:08.975114107 CEST804975834.107.221.82192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:30:09.450025082 CEST4975380192.168.2.434.107.221.82
                                                                                                                                                                                                                                                    Oct 23, 2024 20:30:09.455585003 CEST804975334.107.221.82192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:30:09.576069117 CEST804975334.107.221.82192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:30:09.579092026 CEST4975880192.168.2.434.107.221.82
                                                                                                                                                                                                                                                    Oct 23, 2024 20:30:09.584487915 CEST804975834.107.221.82192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:30:09.628890991 CEST4975380192.168.2.434.107.221.82
                                                                                                                                                                                                                                                    Oct 23, 2024 20:30:09.706434011 CEST804975834.107.221.82192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:30:09.760294914 CEST4975880192.168.2.434.107.221.82
                                                                                                                                                                                                                                                    Oct 23, 2024 20:30:10.646689892 CEST59501443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                    Oct 23, 2024 20:30:10.646817923 CEST4435950134.120.208.123192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:30:10.647151947 CEST59502443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                    Oct 23, 2024 20:30:10.647249937 CEST4435950234.120.208.123192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:30:10.647365093 CEST59501443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                    Oct 23, 2024 20:30:10.647566080 CEST59501443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                    Oct 23, 2024 20:30:10.647604942 CEST4435950134.120.208.123192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:30:10.647830963 CEST59503443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                    Oct 23, 2024 20:30:10.647855043 CEST4435950334.120.208.123192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:30:10.661134958 CEST59502443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                    Oct 23, 2024 20:30:10.661338091 CEST59503443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                    Oct 23, 2024 20:30:10.661345959 CEST59502443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                    Oct 23, 2024 20:30:10.661395073 CEST4435950234.120.208.123192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:30:10.661556959 CEST59503443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                    Oct 23, 2024 20:30:10.661586046 CEST4435950334.120.208.123192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:30:11.258941889 CEST4435950134.120.208.123192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:30:11.259021044 CEST59501443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                    Oct 23, 2024 20:30:11.262067080 CEST59501443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                    Oct 23, 2024 20:30:11.262087107 CEST4435950134.120.208.123192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:30:11.262423038 CEST4435950134.120.208.123192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:30:11.264318943 CEST59501443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                    Oct 23, 2024 20:30:11.264384031 CEST59501443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                    Oct 23, 2024 20:30:11.264508963 CEST4435950134.120.208.123192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:30:39.580528021 CEST804975834.107.221.82192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:30:39.626727104 CEST4975380192.168.2.434.107.221.82
                                                                                                                                                                                                                                                    Oct 23, 2024 20:30:39.702387094 CEST804975834.107.221.82192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:30:39.742676020 CEST4975880192.168.2.434.107.221.82
                                                                                                                                                                                                                                                    Oct 23, 2024 20:30:49.585745096 CEST4975380192.168.2.434.107.221.82
                                                                                                                                                                                                                                                    Oct 23, 2024 20:30:49.591193914 CEST804975334.107.221.82192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:30:49.723721027 CEST4975880192.168.2.434.107.221.82
                                                                                                                                                                                                                                                    Oct 23, 2024 20:30:49.729206085 CEST804975834.107.221.82192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:30:59.599195957 CEST4975380192.168.2.434.107.221.82
                                                                                                                                                                                                                                                    Oct 23, 2024 20:30:59.605184078 CEST804975334.107.221.82192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:30:59.730132103 CEST4975880192.168.2.434.107.221.82
                                                                                                                                                                                                                                                    Oct 23, 2024 20:30:59.735795975 CEST804975834.107.221.82192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:31:09.619326115 CEST4975380192.168.2.434.107.221.82
                                                                                                                                                                                                                                                    Oct 23, 2024 20:31:09.624838114 CEST804975334.107.221.82192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:31:09.750751019 CEST4975880192.168.2.434.107.221.82
                                                                                                                                                                                                                                                    Oct 23, 2024 20:31:09.756252050 CEST804975834.107.221.82192.168.2.4
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:24.479839087 CEST5813553192.168.2.41.1.1.1
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:24.487210035 CEST53618261.1.1.1192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:24.487853050 CEST5789453192.168.2.41.1.1.1
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:24.487899065 CEST53591281.1.1.1192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:24.488240957 CEST5633353192.168.2.41.1.1.1
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:24.488611937 CEST53581351.1.1.1192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:24.497023106 CEST53578941.1.1.1192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:24.497457027 CEST53563331.1.1.1192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:25.902162075 CEST6084853192.168.2.41.1.1.1
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:25.911444902 CEST53608481.1.1.1192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:26.836363077 CEST6086953192.168.2.41.1.1.1
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:26.844686985 CEST53608691.1.1.1192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:30.955974102 CEST5670553192.168.2.41.1.1.1
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:30.963615894 CEST53567051.1.1.1192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:37.241961956 CEST5062553192.168.2.41.1.1.1
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:37.250282049 CEST53506251.1.1.1192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:37.250819921 CEST5852653192.168.2.41.1.1.1
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:37.258367062 CEST53585261.1.1.1192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:39.816615105 CEST5244453192.168.2.41.1.1.1
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:39.825613976 CEST53524441.1.1.1192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:39.836332083 CEST5336253192.168.2.41.1.1.1
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:39.844439983 CEST53533621.1.1.1192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:39.845617056 CEST5332353192.168.2.41.1.1.1
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:39.854840040 CEST53533231.1.1.1192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:39.855335951 CEST6302453192.168.2.41.1.1.1
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:39.863066912 CEST53630241.1.1.1192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:39.870615005 CEST5620553192.168.2.41.1.1.1
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:39.878135920 CEST53562051.1.1.1192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:39.882366896 CEST5298453192.168.2.41.1.1.1
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:39.891027927 CEST53529841.1.1.1192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:39.893271923 CEST5199453192.168.2.41.1.1.1
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:39.902276039 CEST53519941.1.1.1192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:42.193833113 CEST53534931.1.1.1192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:43.454768896 CEST5111253192.168.2.41.1.1.1
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:58.035357952 CEST5772553192.168.2.41.1.1.1
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:58.043973923 CEST53577251.1.1.1192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:58.045162916 CEST6485853192.168.2.41.1.1.1
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:58.052500010 CEST53648581.1.1.1192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:30:10.645178080 CEST5818353192.168.2.41.1.1.1
                                                                                                                                                                                                                                                    Oct 23, 2024 20:30:10.653568029 CEST53581831.1.1.1192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:30:38.812727928 CEST4980053192.168.2.41.1.1.1
                                                                                                                                                                                                                                                    Oct 23, 2024 20:30:38.821031094 CEST53498001.1.1.1192.168.2.4
                                                                                                                                                                                                                                                    Oct 23, 2024 20:30:38.821927071 CEST6067253192.168.2.41.1.1.1
                                                                                                                                                                                                                                                    Oct 23, 2024 20:30:38.830529928 CEST53606721.1.1.1192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:25.902162075 CEST192.168.2.41.1.1.10xf588Standard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:26.836363077 CEST192.168.2.41.1.1.10x1abStandard query (0)telemetry-incoming.r53-2.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:30.955974102 CEST192.168.2.41.1.1.10x9aa0Standard query (0)telemetry-incoming.r53-2.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:37.241961956 CEST192.168.2.41.1.1.10x5039Standard query (0)push.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:37.250819921 CEST192.168.2.41.1.1.10x3f2Standard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:39.816615105 CEST192.168.2.41.1.1.10xb20Standard query (0)prod.balrog.prod.cloudops.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:39.836332083 CEST192.168.2.41.1.1.10xaf6bStandard query (0)services.addons.mozilla.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:39.845617056 CEST192.168.2.41.1.1.10x4a77Standard query (0)services.addons.mozilla.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:39.855335951 CEST192.168.2.41.1.1.10x1423Standard query (0)services.addons.mozilla.org28IN (0x0001)false
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:39.870615005 CEST192.168.2.41.1.1.10x9f8dStandard query (0)normandy.cdn.mozilla.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:39.882366896 CEST192.168.2.41.1.1.10xf91dStandard query (0)normandy-cdn.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:39.893271923 CEST192.168.2.41.1.1.10xd811Standard query (0)normandy-cdn.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:43.454768896 CEST192.168.2.41.1.1.10x762aStandard query (0)detectportal.firefox.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:58.035357952 CEST192.168.2.41.1.1.10xffbfStandard query (0)push.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:58.045162916 CEST192.168.2.41.1.1.10x2e85Standard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                    Oct 23, 2024 20:30:10.645178080 CEST192.168.2.41.1.1.10x4e8cStandard query (0)telemetry-incoming.r53-2.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                    Oct 23, 2024 20:30:38.812727928 CEST192.168.2.41.1.1.10x4a5dStandard query (0)push.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                    Oct 23, 2024 20:30:38.821927071 CEST192.168.2.41.1.1.10x4db5Standard query (0)push.services.mozilla.com28IN (0x0001)false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:24.461992025 CEST1.1.1.1192.168.2.40x8b93No error (0)youtube-ui.l.google.com142.250.186.174A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:24.461992025 CEST1.1.1.1192.168.2.40x8b93No error (0)youtube-ui.l.google.com216.58.206.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:24.461992025 CEST1.1.1.1192.168.2.40x8b93No error (0)youtube-ui.l.google.com172.217.18.14A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:24.461992025 CEST1.1.1.1192.168.2.40x8b93No error (0)youtube-ui.l.google.com172.217.18.110A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:24.461992025 CEST1.1.1.1192.168.2.40x8b93No error (0)youtube-ui.l.google.com142.250.185.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:24.461992025 CEST1.1.1.1192.168.2.40x8b93No error (0)youtube-ui.l.google.com142.250.74.206A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:24.461992025 CEST1.1.1.1192.168.2.40x8b93No error (0)youtube-ui.l.google.com142.250.185.206A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:24.461992025 CEST1.1.1.1192.168.2.40x8b93No error (0)youtube-ui.l.google.com172.217.16.206A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:24.461992025 CEST1.1.1.1192.168.2.40x8b93No error (0)youtube-ui.l.google.com142.250.184.206A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:24.461992025 CEST1.1.1.1192.168.2.40x8b93No error (0)youtube-ui.l.google.com142.250.186.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:24.461992025 CEST1.1.1.1192.168.2.40x8b93No error (0)youtube-ui.l.google.com142.250.185.110A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:24.461992025 CEST1.1.1.1192.168.2.40x8b93No error (0)youtube-ui.l.google.com216.58.212.142A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:24.461992025 CEST1.1.1.1192.168.2.40x8b93No error (0)youtube-ui.l.google.com142.250.186.110A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:24.461992025 CEST1.1.1.1192.168.2.40x8b93No error (0)youtube-ui.l.google.com142.250.186.142A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:24.469203949 CEST1.1.1.1192.168.2.40x3deNo error (0)star-mini.c10r.facebook.com28IN (0x0001)false
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:24.470436096 CEST1.1.1.1192.168.2.40xdcceNo error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:24.470436096 CEST1.1.1.1192.168.2.40xdcceNo error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:24.470436096 CEST1.1.1.1192.168.2.40xdcceNo error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:24.470436096 CEST1.1.1.1192.168.2.40xdcceNo error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:24.471293926 CEST1.1.1.1192.168.2.40x1aa3No error (0)www.wikipedia.orgdyna.wikimedia.orgCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:24.471293926 CEST1.1.1.1192.168.2.40x1aa3No error (0)dyna.wikimedia.org185.15.59.224A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:24.478147984 CEST1.1.1.1192.168.2.40x8411No error (0)www.reddit.comreddit.map.fastly.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:24.478147984 CEST1.1.1.1192.168.2.40x8411No error (0)reddit.map.fastly.net151.101.129.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:24.478147984 CEST1.1.1.1192.168.2.40x8411No error (0)reddit.map.fastly.net151.101.65.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:24.478147984 CEST1.1.1.1192.168.2.40x8411No error (0)reddit.map.fastly.net151.101.1.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:24.478147984 CEST1.1.1.1192.168.2.40x8411No error (0)reddit.map.fastly.net151.101.193.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:24.479091883 CEST1.1.1.1192.168.2.40x4e6dNo error (0)twitter.com104.244.42.129A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:24.479232073 CEST1.1.1.1192.168.2.40xc00bNo error (0)dyna.wikimedia.org185.15.59.224A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:24.487210035 CEST1.1.1.1192.168.2.40x1ca9No error (0)reddit.map.fastly.net151.101.1.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:24.487210035 CEST1.1.1.1192.168.2.40x1ca9No error (0)reddit.map.fastly.net151.101.65.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:24.487210035 CEST1.1.1.1192.168.2.40x1ca9No error (0)reddit.map.fastly.net151.101.193.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:24.487210035 CEST1.1.1.1192.168.2.40x1ca9No error (0)reddit.map.fastly.net151.101.129.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:24.487899065 CEST1.1.1.1192.168.2.40x9733No error (0)twitter.com104.244.42.65A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:24.488611937 CEST1.1.1.1192.168.2.40xdf22No error (0)dyna.wikimedia.org28IN (0x0001)false
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:37.250282049 CEST1.1.1.1192.168.2.40x5039No error (0)push.services.mozilla.com34.107.243.93A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:39.823252916 CEST1.1.1.1192.168.2.40xe5e0No error (0)balrog-aus5.r53-2.services.mozilla.comprod.balrog.prod.cloudops.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:39.823252916 CEST1.1.1.1192.168.2.40xe5e0No error (0)prod.balrog.prod.cloudops.mozgcp.net35.244.181.201A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:39.844439983 CEST1.1.1.1192.168.2.40xaf6bNo error (0)services.addons.mozilla.org151.101.193.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:39.844439983 CEST1.1.1.1192.168.2.40xaf6bNo error (0)services.addons.mozilla.org151.101.129.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:39.844439983 CEST1.1.1.1192.168.2.40xaf6bNo error (0)services.addons.mozilla.org151.101.1.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:39.844439983 CEST1.1.1.1192.168.2.40xaf6bNo error (0)services.addons.mozilla.org151.101.65.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:39.854840040 CEST1.1.1.1192.168.2.40x4a77No error (0)services.addons.mozilla.org151.101.129.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:39.854840040 CEST1.1.1.1192.168.2.40x4a77No error (0)services.addons.mozilla.org151.101.1.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:39.854840040 CEST1.1.1.1192.168.2.40x4a77No error (0)services.addons.mozilla.org151.101.193.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:39.854840040 CEST1.1.1.1192.168.2.40x4a77No error (0)services.addons.mozilla.org151.101.65.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:39.878135920 CEST1.1.1.1192.168.2.40x9f8dNo error (0)normandy.cdn.mozilla.netnormandy-cdn.services.mozilla.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:39.878135920 CEST1.1.1.1192.168.2.40x9f8dNo error (0)normandy-cdn.services.mozilla.com35.201.103.21A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:39.891027927 CEST1.1.1.1192.168.2.40xf91dNo error (0)normandy-cdn.services.mozilla.com35.201.103.21A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:41.188268900 CEST1.1.1.1192.168.2.40x617aNo error (0)a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.coma17.rackcdn.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:41.188268900 CEST1.1.1.1192.168.2.40x617aNo error (0)a17.rackcdn.coma17.rackcdn.com.mdc.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:43.463156939 CEST1.1.1.1192.168.2.40x762aNo error (0)detectportal.firefox.comdetectportal.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:43.463156939 CEST1.1.1.1192.168.2.40x762aNo error (0)prod.detectportal.prod.cloudops.mozgcp.net34.107.221.82A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:58.043973923 CEST1.1.1.1192.168.2.40xffbfNo error (0)push.services.mozilla.com34.107.243.93A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                    Oct 23, 2024 20:30:10.640357971 CEST1.1.1.1192.168.2.40xf926No error (0)telemetry-incoming.r53-2.services.mozilla.com34.120.208.123A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                    Oct 23, 2024 20:30:38.821031094 CEST1.1.1.1192.168.2.40x4a5dNo error (0)push.services.mozilla.com34.107.243.93A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                    • detectportal.firefox.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49740 | 34.107.221.82 | 80 | 7744 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Oct 23, 2024 20:29:13.118092060 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                    Connection: keep-alive
Oct 23, 2024 20:29:13.739753008 CEST | 298 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                    Content-Length: 90
                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                    Date: Wed, 23 Oct 2024 12:49:37 GMT
                                                                                                                                                                                                                                                    Age: 20376
                                                                                                                                                                                                                                                    Content-Type: text/html
                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                    Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                    Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49742 | 34.107.221.82 | 80 | 7744 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Oct 23, 2024 20:29:13.966145039 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                    Cache-Control: no-cache
Oct 23, 2024 20:29:14.563808918 CEST | 216 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                    Content-Length: 8
                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                    Date: Wed, 23 Oct 2024 12:53:45 GMT
                                                                                                                                                                                                                                                    Age: 20129
                                                                                                                                                                                                                                                    Content-Type: text/plain
                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                    Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                    Data Ascii: success


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49753 | 34.107.221.82 | 80 | 7744 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Oct 23, 2024 20:29:15.937460899 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                    Connection: keep-alive
Oct 23, 2024 20:29:16.536025047 CEST | 298 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                    Content-Length: 90
                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                    Date: Wed, 23 Oct 2024 12:49:37 GMT
                                                                                                                                                                                                                                                    Age: 20379
                                                                                                                                                                                                                                                    Content-Type: text/html
                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                    Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                    Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Oct 23, 2024 20:29:17.155296087 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                    Connection: keep-alive
Oct 23, 2024 20:29:17.281867027 CEST | 298 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                    Content-Length: 90
                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                    Date: Wed, 23 Oct 2024 12:49:37 GMT
                                                                                                                                                                                                                                                    Age: 20380
                                                                                                                                                                                                                                                    Content-Type: text/html
                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                    Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                    Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Oct 23, 2024 20:29:18.506578922 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                    Connection: keep-alive
Oct 23, 2024 20:29:18.632184982 CEST | 298 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                    Content-Length: 90
                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                    Date: Wed, 23 Oct 2024 12:49:37 GMT
                                                                                                                                                                                                                                                    Age: 20381
                                                                                                                                                                                                                                                    Content-Type: text/html
                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                    Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                    Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Oct 23, 2024 20:29:25.155473948 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                    Connection: keep-alive
Oct 23, 2024 20:29:25.281986952 CEST | 298 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                    Content-Length: 90
                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                    Date: Wed, 23 Oct 2024 12:49:37 GMT
                                                                                                                                                                                                                                                    Age: 20388
                                                                                                                                                                                                                                                    Content-Type: text/html
                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                    Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                    Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Oct 23, 2024 20:29:26.831264019 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                    Connection: keep-alive
Oct 23, 2024 20:29:26.958492994 CEST | 298 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                    Content-Length: 90
                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                    Date: Wed, 23 Oct 2024 12:49:37 GMT
                                                                                                                                                                                                                                                    Age: 20389
                                                                                                                                                                                                                                                    Content-Type: text/html
                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                    Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                    Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Oct 23, 2024 20:29:27.445549011 CEST 303 OUT GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                    Connection: keep-alive
Oct 23, 2024 20:29:27.652066946 CEST 298 IN HTTP/1.1 200 OK
                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                    Content-Length: 90
                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                    Date: Wed, 23 Oct 2024 12:49:37 GMT
                                                                                                                                                                                                                                                    Age: 20390
                                                                                                                                                                                                                                                    Content-Type: text/html
                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                    Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                    Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Oct 23, 2024 20:29:30.315329075 CEST 303 OUT GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                    Connection: keep-alive
Oct 23, 2024 20:29:30.441837072 CEST 298 IN HTTP/1.1 200 OK
                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                    Content-Length: 90
                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                    Date: Wed, 23 Oct 2024 12:49:37 GMT
                                                                                                                                                                                                                                                    Age: 20393
                                                                                                                                                                                                                                                    Content-Type: text/html
                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                    Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                    Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Oct 23, 2024 20:29:30.953176975 CEST 303 OUT GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                    Connection: keep-alive
Oct 23, 2024 20:29:31.080166101 CEST 298 IN HTTP/1.1 200 OK
                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                    Content-Length: 90
                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                    Date: Wed, 23 Oct 2024 12:49:37 GMT
                                                                                                                                                                                                                                                    Age: 20394
                                                                                                                                                                                                                                                    Content-Type: text/html
                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                    Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                    Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Oct 23, 2024 20:29:31.586211920 CEST 303 OUT GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                    Connection: keep-alive
Oct 23, 2024 20:29:31.712085962 CEST 298 IN HTTP/1.1 200 OK
                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                    Content-Length: 90
                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                    Date: Wed, 23 Oct 2024 12:49:37 GMT
                                                                                                                                                                                                                                                    Age: 20394
                                                                                                                                                                                                                                                    Content-Type: text/html
                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                    Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                    Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Oct 23, 2024 20:29:37.897897005 CEST 303 OUT GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                    Connection: keep-alive
Oct 23, 2024 20:29:38.023897886 CEST 298 IN HTTP/1.1 200 OK
                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                    Content-Length: 90
                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                    Date: Wed, 23 Oct 2024 12:49:37 GMT
                                                                                                                                                                                                                                                    Age: 20400
                                                                                                                                                                                                                                                    Content-Type: text/html
                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                    Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                    Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Oct 23, 2024 20:29:40.461045980 CEST 303 OUT GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                    Connection: keep-alive
Oct 23, 2024 20:29:40.587860107 CEST 298 IN HTTP/1.1 200 OK
                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                    Content-Length: 90
                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                    Date: Wed, 23 Oct 2024 12:49:37 GMT
                                                                                                                                                                                                                                                    Age: 20403
                                                                                                                                                                                                                                                    Content-Type: text/html
                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                    Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                    Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Oct 23, 2024 20:29:41.178893089 CEST 303 OUT GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                    Connection: keep-alive
Oct 23, 2024 20:29:41.305830956 CEST 298 IN HTTP/1.1 200 OK
                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                    Content-Length: 90
                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                    Date: Wed, 23 Oct 2024 12:49:37 GMT
                                                                                                                                                                                                                                                    Age: 20404
                                                                                                                                                                                                                                                    Content-Type: text/html
                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                    Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                    Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Oct 23, 2024 20:29:43.454896927 CEST 303 OUT GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                    Connection: keep-alive
Oct 23, 2024 20:29:43.581249952 CEST 298 IN HTTP/1.1 200 OK
                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                    Content-Length: 90
                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                    Date: Wed, 23 Oct 2024 12:49:37 GMT
                                                                                                                                                                                                                                                    Age: 20406
                                                                                                                                                                                                                                                    Content-Type: text/html
                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                    Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                    Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Oct 23, 2024 20:29:53.585805893 CEST 6 OUT Data Raw: 00
                                                                                                                                                                                                                                                    Data Ascii:
Oct 23, 2024 20:29:58.710145950 CEST 303 OUT GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                    Connection: keep-alive
Oct 23, 2024 20:29:58.837169886 CEST 298 IN HTTP/1.1 200 OK
                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                    Content-Length: 90
                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                    Date: Wed, 23 Oct 2024 12:49:37 GMT
                                                                                                                                                                                                                                                    Age: 20421
                                                                                                                                                                                                                                                    Content-Type: text/html
                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                    Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                    Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Oct 23, 2024 20:30:08.845812082 CEST 6 OUT Data Raw: 00
                                                                                                                                                                                                                                                    Data Ascii:
Oct 23, 2024 20:30:09.450025082 CEST 303 OUT GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                    Connection: keep-alive
Oct 23, 2024 20:30:09.576069117 CEST 298 IN HTTP/1.1 200 OK
                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                    Content-Length: 90
                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                    Date: Wed, 23 Oct 2024 12:49:37 GMT
                                                                                                                                                                                                                                                    Age: 20432
                                                                                                                                                                                                                                                    Content-Type: text/html
                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                    Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                    Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Oct 23, 2024 20:30:11.327768087 CEST 303 OUT GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                    Connection: keep-alive
Oct 23, 2024 20:30:11.454639912 CEST 298 IN HTTP/1.1 200 OK
                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                    Content-Length: 90
                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                    Date: Wed, 23 Oct 2024 12:49:37 GMT
                                                                                                                                                                                                                                                    Age: 20434
                                                                                                                                                                                                                                                    Content-Type: text/html
                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                    Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                    Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Oct 23, 2024 20:30:11.959135056 CEST 303 OUT GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                    Connection: keep-alive
Oct 23, 2024 20:30:12.087769985 CEST | 298 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                    Content-Length: 90
                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                    Date: Wed, 23 Oct 2024 12:49:37 GMT
                                                                                                                                                                                                                                                    Age: 20435
                                                                                                                                                                                                                                                    Content-Type: text/html
                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                    Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                    Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Oct 23, 2024 20:30:22.092140913 CEST | 6 | OUT | Data Raw: 00
                                                                                                                                                                                                                                                    Data Ascii:
Oct 23, 2024 20:30:32.104788065 CEST | 6 | OUT | Data Raw: 00
                                                                                                                                                                                                                                                    Data Ascii:
Oct 23, 2024 20:30:39.444350958 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                    Connection: keep-alive
Oct 23, 2024 20:30:39.571054935 CEST | 298 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                    Content-Length: 90
                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                    Date: Wed, 23 Oct 2024 12:49:37 GMT
                                                                                                                                                                                                                                                    Age: 20462
                                                                                                                                                                                                                                                    Content-Type: text/html
                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                    Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                    Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Oct 23, 2024 20:30:49.585745096 CEST | 6 | OUT | Data Raw: 00
                                                                                                                                                                                                                                                    Data Ascii:
Oct 23, 2024 20:30:59.599195957 CEST | 6 | OUT | Data Raw: 00
                                                                                                                                                                                                                                                    Data Ascii:
Oct 23, 2024 20:31:09.619326115 CEST | 6 | OUT | Data Raw: 00
                                                                                                                                                                                                                                                    Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49758 | 34.107.221.82 | 80 | 7744 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Oct 23, 2024 20:29:17.103467941 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                    Cache-Control: no-cache
Oct 23, 2024 20:29:17.711956978 CEST | 216 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                    Content-Length: 8
                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                    Date: Wed, 23 Oct 2024 12:53:45 GMT
                                                                                                                                                                                                                                                    Age: 20132
                                                                                                                                                                                                                                                    Content-Type: text/plain
                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                    Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                    Data Ascii: success
Oct 23, 2024 20:29:18.349487066 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                    Cache-Control: no-cache
Oct 23, 2024 20:29:18.477904081 CEST | 216 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                    Content-Length: 8
                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                    Date: Wed, 23 Oct 2024 12:53:45 GMT
                                                                                                                                                                                                                                                    Age: 20133
                                                                                                                                                                                                                                                    Content-Type: text/plain
                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                    Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                    Data Ascii: success
Oct 23, 2024 20:29:18.880685091 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                    Cache-Control: no-cache
Oct 23, 2024 20:29:19.008115053 CEST | 216 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                    Content-Length: 8
                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                    Date: Wed, 23 Oct 2024 12:53:45 GMT
                                                                                                                                                                                                                                                    Age: 20133
                                                                                                                                                                                                                                                    Content-Type: text/plain
                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                    Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                    Data Ascii: success
Oct 23, 2024 20:29:26.435148001 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:26.562930107 CEST216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                    Content-Length: 8
                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                    Date: Wed, 23 Oct 2024 12:53:45 GMT
                                                                                                                                                                                                                                                    Age: 20141
                                                                                                                                                                                                                                                    Content-Type: text/plain
                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                    Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                    Data Ascii: success
Oct 23, 2024 20:29:27.431356907 CEST  305  OUT
GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Oct 23, 2024 20:29:27.559330940 CEST  216  IN
HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Wed, 23 Oct 2024 12:53:45 GMT
Age: 20142
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Oct 23, 2024 20:29:28.796664000 CEST  305  OUT
GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Oct 23, 2024 20:29:28.924632072 CEST  216  IN
HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Wed, 23 Oct 2024 12:53:45 GMT
Age: 20143
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Oct 23, 2024 20:29:30.678812981 CEST  305  OUT
GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Oct 23, 2024 20:29:30.807081938 CEST  216  IN
HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Wed, 23 Oct 2024 12:53:45 GMT
Age: 20145
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Oct 23, 2024 20:29:31.087707043 CEST  305  OUT
GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Oct 23, 2024 20:29:31.215122938 CEST  216  IN
HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Wed, 23 Oct 2024 12:53:45 GMT
Age: 20146
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Oct 23, 2024 20:29:31.716715097 CEST  305  OUT
GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Oct 23, 2024 20:29:31.846529007 CEST  216  IN
HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Wed, 23 Oct 2024 12:53:45 GMT
Age: 20146
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Oct 23, 2024 20:29:38.029443026 CEST  305  OUT
GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Oct 23, 2024 20:29:38.157402992 CEST  216  IN
HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Wed, 23 Oct 2024 12:53:45 GMT
Age: 20153
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                    Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                    Data Ascii: success
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:40.589790106 CEST305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:40.717715979 CEST216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                    Content-Length: 8
                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                    Date: Wed, 23 Oct 2024 12:53:45 GMT
                                                                                                                                                                                                                                                    Age: 20155
                                                                                                                                                                                                                                                    Content-Type: text/plain
                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                    Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                    Data Ascii: success
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:41.308039904 CEST305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:41.436229944 CEST216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                    Content-Length: 8
                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                    Date: Wed, 23 Oct 2024 12:53:45 GMT
                                                                                                                                                                                                                                                    Age: 20156
                                                                                                                                                                                                                                                    Content-Type: text/plain
                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                    Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                    Data Ascii: success
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:43.584256887 CEST305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:43.712589025 CEST216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                    Content-Length: 8
                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                    Date: Wed, 23 Oct 2024 12:53:45 GMT
                                                                                                                                                                                                                                                    Age: 20158
                                                                                                                                                                                                                                                    Content-Type: text/plain
                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                    Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                    Data Ascii: success
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:53.717246056 CEST6OUTData Raw: 00
                                                                                                                                                                                                                                                    Data Ascii:
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:58.840570927 CEST305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                    Oct 23, 2024 20:29:58.968713045 CEST216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                    Content-Length: 8
                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                    Date: Wed, 23 Oct 2024 12:53:45 GMT
                                                                                                                                                                                                                                                    Age: 20173
                                                                                                                                                                                                                                                    Content-Type: text/plain
                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                    Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                    Data Ascii: success
                                                                                                                                                                                                                                                    Oct 23, 2024 20:30:08.969619989 CEST6OUTData Raw: 00
                                                                                                                                                                                                                                                    Data Ascii:
                                                                                                                                                                                                                                                    Oct 23, 2024 20:30:09.579092026 CEST305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                    Oct 23, 2024 20:30:09.706434011 CEST216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                    Content-Length: 8
                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                    Date: Wed, 23 Oct 2024 12:53:45 GMT
                                                                                                                                                                                                                                                    Age: 20184
                                                                                                                                                                                                                                                    Content-Type: text/plain
                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                    Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                    Data Ascii: success
                                                                                                                                                                                                                                                    Oct 23, 2024 20:30:11.486067057 CEST305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                    Cache-Control: no-cache
Oct 23, 2024 20:30:11.614372015 CEST 216 IN HTTP/1.1 200 OK
                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                    Content-Length: 8
                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                    Date: Wed, 23 Oct 2024 12:53:45 GMT
                                                                                                                                                                                                                                                    Age: 20186
                                                                                                                                                                                                                                                    Content-Type: text/plain
                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                    Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                    Data Ascii: success
Oct 23, 2024 20:30:12.090718031 CEST 305 OUT GET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                    Cache-Control: no-cache
Oct 23, 2024 20:30:12.218730927 CEST 216 IN HTTP/1.1 200 OK
                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                    Content-Length: 8
                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                    Date: Wed, 23 Oct 2024 12:53:45 GMT
                                                                                                                                                                                                                                                    Age: 20187
                                                                                                                                                                                                                                                    Content-Type: text/plain
                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                    Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                    Data Ascii: success
Oct 23, 2024 20:30:22.223738909 CEST 6 OUT Data Raw: 00
                                                                                                                                                                                                                                                    Data Ascii:
Oct 23, 2024 20:30:32.236201048 CEST 6 OUT Data Raw: 00
                                                                                                                                                                                                                                                    Data Ascii:
Oct 23, 2024 20:30:39.574809074 CEST 305 OUT GET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                    Cache-Control: no-cache
Oct 23, 2024 20:30:39.702387094 CEST 216 IN HTTP/1.1 200 OK
                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                    Content-Length: 8
                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                    Date: Wed, 23 Oct 2024 12:53:45 GMT
                                                                                                                                                                                                                                                    Age: 20214
                                                                                                                                                                                                                                                    Content-Type: text/plain
                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                    Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                    Data Ascii: success
Oct 23, 2024 20:30:49.723721027 CEST 6 OUT Data Raw: 00
                                                                                                                                                                                                                                                    Data Ascii:
Oct 23, 2024 20:30:59.730132103 CEST 6 OUT Data Raw: 00
                                                                                                                                                                                                                                                    Data Ascii:
Oct 23, 2024 20:31:09.750751019 CEST 6 OUT Data Raw: 00
                                                                                                                                                                                                                                                    Data Ascii:



                                                                                                                                                                                                                                                    Target ID:0
                                                                                                                                                                                                                                                    Start time:14:29:05
                                                                                                                                                                                                                                                    Start date:23/10/2024
                                                                                                                                                                                                                                                    Path:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                                                                    Commandline:"C:\Users\user\Desktop\file.exe"
                                                                                                                                                                                                                                                    Imagebase:0xe60000
                                                                                                                                                                                                                                                    File size:919'552 bytes
                                                                                                                                                                                                                                                    MD5 hash:46686BC4D44F9895B418D26DDFAE6AD2
                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:1
                                                                                                                                                                                                                                                    Start time:14:29:05
                                                                                                                                                                                                                                                    Start date:23/10/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                                                                    Commandline:taskkill /F /IM firefox.exe /T
                                                                                                                                                                                                                                                    Imagebase:0x780000
                                                                                                                                                                                                                                                    File size:74'240 bytes
                                                                                                                                                                                                                                                    MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:2
                                                                                                                                                                                                                                                    Start time:14:29:05
                                                                                                                                                                                                                                                    Start date:23/10/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                    Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:3
                                                                                                                                                                                                                                                    Start time:14:29:07
                                                                                                                                                                                                                                                    Start date:23/10/2024
Path:C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):true
Commandline:taskkill /F /IM chrome.exe /T
Imagebase:0x780000
File size:74'240 bytes
MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:4
Start time:14:29:07
Start date:23/10/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:5
Start time:14:29:07
Start date:23/10/2024
Path:C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):true
Commandline:taskkill /F /IM msedge.exe /T
Imagebase:0x780000
File size:74'240 bytes
MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:6
Start time:14:29:07
Start date:23/10/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:7
Start time:14:29:07
Start date:23/10/2024
Path:C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):true
Commandline:taskkill /F /IM opera.exe /T
Imagebase:0x780000
File size:74'240 bytes
MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:8
Start time:14:29:07
Start date:23/10/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:9
Start time:14:29:07
Start date:23/10/2024
Path:C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):true
Commandline:taskkill /F /IM brave.exe /T
Imagebase:0x780000
File size:74'240 bytes
MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:10
Start time:14:29:07
Start date:23/10/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:11
Start time:14:29:08
Start date:23/10/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
Imagebase:0x7ff6bf500000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:12
Start time:14:29:08
Start date:23/10/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation
Imagebase:0x7ff6bf500000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:false
Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:13
                                                                                                                                                                                                                                                    Start time:14:29:08
                                                                                                                                                                                                                                                    Start date:23/10/2024
                                                                                                                                                                                                                                                    Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
                                                                                                                                                                                                                                                    Imagebase:0x7ff6bf500000
                                                                                                                                                                                                                                                    File size:676'768 bytes
                                                                                                                                                                                                                                                    MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                    Target ID:15
                                                                                                                                                                                                                                                    Start time:14:29:08
                                                                                                                                                                                                                                                    Start date:23/10/2024
                                                                                                                                                                                                                                                    Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2280 -parentBuildID 20230927232528 -prefsHandle 2224 -prefMapHandle 2216 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9e5c25c4-3757-459e-b4ac-58f736293a5e} 7744 "\\.\pipe\gecko-crash-server-pipe.7744" 22a0da6d710 socket
                                                                                                                                                                                                                                                    Imagebase:0x7ff6bf500000
                                                                                                                                                                                                                                                    File size:676'768 bytes
                                                                                                                                                                                                                                                    MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                    Target ID:16
                                                                                                                                                                                                                                                    Start time:14:29:10
                                                                                                                                                                                                                                                    Start date:23/10/2024
                                                                                                                                                                                                                                                    Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3988 -parentBuildID 20230927232528 -prefsHandle 2784 -prefMapHandle 2968 -prefsLen 26374 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7a67afcd-37bf-4c91-a883-2013733a1af7} 7744 "\\.\pipe\gecko-crash-server-pipe.7744" 22a0da7aa10 rdd
                                                                                                                                                                                                                                                    Imagebase:0x7ff6bf500000
                                                                                                                                                                                                                                                    File size:676'768 bytes
                                                                                                                                                                                                                                                    MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                    Target ID:17
                                                                                                                                                                                                                                                    Start time:14:29:13
                                                                                                                                                                                                                                                    Start date:23/10/2024
                                                                                                                                                                                                                                                    Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5104 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5180 -prefMapHandle 1540 -prefsLen 31144 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {88aee006-b1dd-409e-9761-e4998fb38d01} 7744 "\\.\pipe\gecko-crash-server-pipe.7744" 22a1f275f10 utility
                                                                                                                                                                                                                                                    Imagebase:0x7ff6bf500000
                                                                                                                                                                                                                                                    File size:676'768 bytes
                                                                                                                                                                                                                                                    MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Has exited:false


                                                                                                                                                                                                                                                      Execution Graph

                                                                                                                                                                                                                                                      Execution Coverage:2.1%
                                                                                                                                                                                                                                                      Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                      Signature Coverage:4.2%
                                                                                                                                                                                                                                                      Total number of Nodes:1603
                                                                                                                                                                                                                                                      Total number of Limit Nodes:73
e7fddb 22 API calls 94940->94941 94942 e65734 94941->94942 94942->94857 94944 e642bc FindResourceExW 94943->94944 94948 e642d9 94943->94948 94945 ea35ba LoadResource 94944->94945 94944->94948 94946 ea35cf SizeofResource 94945->94946 94945->94948 94947 ea35e3 LockResource 94946->94947 94946->94948 94947->94948 94948->94866 94949->94866 94950->94866 94951->94862 94952->94865 94953->94869 94954->94803 94955->94805 94956->94807 94957->94809 94958->94811 94959->94813 94960->94815 94961->94821 94962->94824 94964 ed22d9 94963->94964 94965 ed22e7 94963->94965 94966 e8e5eb 29 API calls 94964->94966 94967 ed232c 94965->94967 94968 e8e5eb 29 API calls 94965->94968 94991 ed22f0 94965->94991 94966->94965 94992 ed2557 40 API calls __fread_nolock 94967->94992 94970 ed2311 94968->94970 94970->94967 94972 ed231a 94970->94972 94971 ed2370 94973 ed2395 94971->94973 94974 ed2374 94971->94974 94972->94991 95000 e8e678 94972->95000 94993 ed2171 94973->94993 94978 e8e678 67 API calls 94974->94978 94979 ed2381 94974->94979 94977 ed239d 94980 ed23c3 94977->94980 94981 ed23a3 94977->94981 94978->94979 94982 e8e678 67 API calls 94979->94982 94979->94991 95013 ed23f3 74 API calls 94980->95013 94983 ed23b0 94981->94983 94985 e8e678 67 API calls 94981->94985 94982->94991 94986 e8e678 67 API calls 94983->94986 94983->94991 94985->94983 94986->94991 94987 ed23de 94990 e8e678 67 API calls 94987->94990 94987->94991 94988 ed23ca 94988->94987 94989 e8e678 67 API calls 94988->94989 94989->94987 94990->94991 94991->94823 94992->94971 94994 e8ea0c ___std_exception_copy 21 API calls 94993->94994 94995 ed217f 94994->94995 94996 e8ea0c ___std_exception_copy 21 API calls 94995->94996 94997 ed2190 94996->94997 94998 e8ea0c ___std_exception_copy 21 API calls 94997->94998 94999 ed219c 94998->94999 94999->94977 95001 e8e684 BuildCatchObjectHelperInternal 95000->95001 95002 e8e6aa 95001->95002 95003 e8e695 95001->95003 95012 e8e6a5 __wsopen_s 95002->95012 95014 e8918d EnterCriticalSection 95002->95014 95031 
e8f2d9 20 API calls _abort 95003->95031 95006 e8e69a 95032 e927ec 26 API calls _abort 95006->95032 95007 e8e6c6 95015 e8e602 95007->95015 95010 e8e6d1 95033 e8e6ee LeaveCriticalSection __fread_nolock 95010->95033 95012->94991 95013->94988 95014->95007 95016 e8e60f 95015->95016 95017 e8e624 95015->95017 95066 e8f2d9 20 API calls _abort 95016->95066 95024 e8e61f 95017->95024 95034 e8dc0b 95017->95034 95020 e8e614 95067 e927ec 26 API calls _abort 95020->95067 95024->95010 95027 e8e646 95051 e9862f 95027->95051 95030 e929c8 _free 20 API calls 95030->95024 95031->95006 95032->95012 95033->95012 95035 e8dc23 95034->95035 95037 e8dc1f 95034->95037 95036 e8d955 __fread_nolock 26 API calls 95035->95036 95035->95037 95038 e8dc43 95036->95038 95040 e94d7a 95037->95040 95068 e959be 62 API calls 5 library calls 95038->95068 95041 e94d90 95040->95041 95042 e8e640 95040->95042 95041->95042 95043 e929c8 _free 20 API calls 95041->95043 95044 e8d955 95042->95044 95043->95042 95045 e8d961 95044->95045 95046 e8d976 95044->95046 95069 e8f2d9 20 API calls _abort 95045->95069 95046->95027 95048 e8d966 95070 e927ec 26 API calls _abort 95048->95070 95050 e8d971 95050->95027 95052 e9863e 95051->95052 95053 e98653 95051->95053 95074 e8f2c6 20 API calls _abort 95052->95074 95055 e9868e 95053->95055 95060 e9867a 95053->95060 95076 e8f2c6 20 API calls _abort 95055->95076 95057 e98643 95075 e8f2d9 20 API calls _abort 95057->95075 95058 e98693 95077 e8f2d9 20 API calls _abort 95058->95077 95071 e98607 95060->95071 95063 e9869b 95078 e927ec 26 API calls _abort 95063->95078 95064 e8e64c 95064->95024 95064->95030 95066->95020 95067->95024 95068->95037 95069->95048 95070->95050 95079 e98585 95071->95079 95073 e9862b 95073->95064 95074->95057 95075->95064 95076->95058 95077->95063 95078->95064 95080 e98591 BuildCatchObjectHelperInternal 95079->95080 95090 e95147 EnterCriticalSection 95080->95090 95082 e9859f 95083 e985d1 95082->95083 95084 e985c6 95082->95084 95106 e8f2d9 20 API calls _abort 
95083->95106 95091 e986ae 95084->95091 95087 e985cc 95107 e985fb LeaveCriticalSection __wsopen_s 95087->95107 95089 e985ee __wsopen_s 95089->95073 95090->95082 95108 e953c4 95091->95108 95093 e986c4 95121 e95333 21 API calls 3 library calls 95093->95121 95094 e986be 95094->95093 95095 e986f6 95094->95095 95097 e953c4 __wsopen_s 26 API calls 95094->95097 95095->95093 95098 e953c4 __wsopen_s 26 API calls 95095->95098 95100 e986ed 95097->95100 95101 e98702 CloseHandle 95098->95101 95099 e9871c 95102 e9873e 95099->95102 95122 e8f2a3 20 API calls 2 library calls 95099->95122 95104 e953c4 __wsopen_s 26 API calls 95100->95104 95101->95093 95105 e9870e GetLastError 95101->95105 95102->95087 95104->95095 95105->95093 95106->95087 95107->95089 95109 e953d1 95108->95109 95110 e953e6 95108->95110 95111 e8f2c6 __dosmaperr 20 API calls 95109->95111 95113 e8f2c6 __dosmaperr 20 API calls 95110->95113 95115 e9540b 95110->95115 95112 e953d6 95111->95112 95114 e8f2d9 _free 20 API calls 95112->95114 95116 e95416 95113->95116 95118 e953de 95114->95118 95115->95094 95117 e8f2d9 _free 20 API calls 95116->95117 95119 e9541e 95117->95119 95118->95094 95120 e927ec _abort 26 API calls 95119->95120 95120->95118 95121->95099 95122->95102 95123 ea2402 95126 e61410 95123->95126 95127 ea24b8 DestroyWindow 95126->95127 95128 e6144f mciSendStringW 95126->95128 95140 ea24c4 95127->95140 95129 e616c6 95128->95129 95130 e6146b 95128->95130 95129->95130 95132 e616d5 UnregisterHotKey 95129->95132 95131 e61479 95130->95131 95130->95140 95159 e6182e 95131->95159 95132->95129 95134 ea24d8 95134->95140 95165 e66246 CloseHandle 95134->95165 95135 ea24e2 FindClose 95135->95140 95137 ea2509 95141 ea252d 95137->95141 95142 ea251c FreeLibrary 95137->95142 95139 e6148e 95139->95141 95149 e6149c 95139->95149 95140->95134 95140->95135 95140->95137 95143 ea2541 VirtualFree 95141->95143 95150 e61509 95141->95150 95142->95137 95143->95141 95144 e614f8 CoUninitialize 95144->95150 95145 e61514 95147 e61524 95145->95147 
95146 ea2589 95152 ea2598 ISource 95146->95152 95166 ed32eb 6 API calls ISource 95146->95166 95163 e61944 VirtualFreeEx CloseHandle 95147->95163 95149->95144 95150->95145 95150->95146 95155 ea2627 95152->95155 95167 ec64d4 22 API calls ISource 95152->95167 95154 e6153a 95154->95152 95156 e6161f 95154->95156 95155->95155 95156->95155 95164 e61876 CloseHandle InternetCloseHandle InternetCloseHandle WaitForSingleObject 95156->95164 95158 e616c1 95160 e6183b 95159->95160 95161 e61480 95160->95161 95168 ec702a 22 API calls 95160->95168 95161->95137 95161->95139 95163->95154 95164->95158 95165->95134 95166->95146 95167->95152 95168->95160 95169 e61cad SystemParametersInfoW 95170 eb2a00 95186 e6d7b0 ISource 95170->95186 95171 e6db11 PeekMessageW 95171->95186 95172 e6d807 GetInputState 95172->95171 95172->95186 95173 eb1cbe TranslateAcceleratorW 95173->95186 95175 e6db8f PeekMessageW 95175->95186 95176 e6da04 timeGetTime 95176->95186 95177 e6db73 TranslateMessage DispatchMessageW 95177->95175 95178 e6dbaf Sleep 95178->95186 95179 eb2b74 Sleep 95192 eb2a51 95179->95192 95182 eb1dda timeGetTime 95331 e7e300 23 API calls 95182->95331 95185 eb2c0b GetExitCodeProcess 95190 eb2c21 WaitForSingleObject 95185->95190 95191 eb2c37 CloseHandle 95185->95191 95186->95171 95186->95172 95186->95173 95186->95175 95186->95176 95186->95177 95186->95178 95186->95179 95186->95182 95189 e6d9d5 95186->95189 95186->95192 95198 e6ec40 348 API calls 95186->95198 95202 e6dd50 95186->95202 95209 e71310 95186->95209 95266 e6bf40 95186->95266 95324 e7edf6 95186->95324 95329 e6dfd0 348 API calls 3 library calls 95186->95329 95330 e7e551 timeGetTime 95186->95330 95332 ed3a2a 23 API calls 95186->95332 95333 ed359c 82 API calls __wsopen_s 95186->95333 95187 ef29bf GetForegroundWindow 95187->95192 95190->95186 95190->95191 95191->95192 95192->95185 95192->95186 95192->95187 95192->95189 95193 eb2ca9 Sleep 95192->95193 95334 ee5658 23 API calls 95192->95334 95335 ece97b QueryPerformanceCounter 
QueryPerformanceFrequency Sleep QueryPerformanceCounter Sleep 95192->95335 95336 e7e551 timeGetTime 95192->95336 95337 ecd4dc CreateToolhelp32Snapshot Process32FirstW 95192->95337 95193->95186 95198->95186 95203 e6dd83 95202->95203 95204 e6dd6f 95202->95204 95379 ed359c 82 API calls __wsopen_s 95203->95379 95347 e6d260 95204->95347 95206 e6dd7a 95206->95186 95208 eb2f75 95208->95208 95210 e71376 95209->95210 95211 e717b0 95209->95211 95212 e71390 95210->95212 95213 eb6331 95210->95213 95418 e80242 5 API calls __Init_thread_wait 95211->95418 95215 e71940 9 API calls 95212->95215 95428 ee709c 348 API calls 95213->95428 95218 e713a0 95215->95218 95217 e717ba 95220 e717fb 95217->95220 95419 e69cb3 95217->95419 95221 e71940 9 API calls 95218->95221 95219 eb633d 95219->95186 95224 eb6346 95220->95224 95226 e7182c 95220->95226 95223 e713b6 95221->95223 95223->95220 95225 e713ec 95223->95225 95429 ed359c 82 API calls __wsopen_s 95224->95429 95225->95224 95249 e71408 __fread_nolock 95225->95249 95227 e6aceb 23 API calls 95226->95227 95229 e71839 95227->95229 95426 e7d217 348 API calls 95229->95426 95230 e717d4 95425 e801f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 95230->95425 95233 eb636e 95430 ed359c 82 API calls __wsopen_s 95233->95430 95235 e7152f 95236 eb63d1 95235->95236 95237 e7153c 95235->95237 95432 ee5745 54 API calls _wcslen 95236->95432 95238 e71940 9 API calls 95237->95238 95240 e71549 95238->95240 95244 eb64fa 95240->95244 95246 e71940 9 API calls 95240->95246 95241 e7fddb 22 API calls 95241->95249 95242 e71872 95427 e7faeb 23 API calls 95242->95427 95243 e7fe0b 22 API calls 95243->95249 95253 eb6369 95244->95253 95434 ed359c 82 API calls __wsopen_s 95244->95434 95251 e71563 95246->95251 95248 e6ec40 348 API calls 95248->95249 95249->95229 95249->95233 95249->95235 95249->95241 95249->95243 95249->95248 95250 eb63b2 95249->95250 95249->95253 95431 ed359c 82 API calls __wsopen_s 95250->95431 95251->95244 95256 e715c7 ISource 95251->95256 
95433 e6a8c7 22 API calls __fread_nolock 95251->95433 95253->95186 95255 e71940 9 API calls 95255->95256 95256->95242 95256->95244 95256->95253 95256->95255 95259 e7167b ISource 95256->95259 95389 eeabf7 95256->95389 95394 ed5c5a 95256->95394 95399 ef1591 95256->95399 95402 e7f645 95256->95402 95409 eeab67 95256->95409 95412 eea2ea 95256->95412 95257 e7171d 95257->95186 95259->95257 95417 e7ce17 22 API calls ISource 95259->95417 95606 e6adf0 95266->95606 95268 e6bf9d 95269 eb04b6 95268->95269 95270 e6bfa9 95268->95270 95624 ed359c 82 API calls __wsopen_s 95269->95624 95272 eb04c6 95270->95272 95273 e6c01e 95270->95273 95625 ed359c 82 API calls __wsopen_s 95272->95625 95611 e6ac91 95273->95611 95276 eb04f5 95295 eb055a 95276->95295 95626 e7d217 348 API calls 95276->95626 95277 ec7120 22 API calls 95287 e6c039 ISource __fread_nolock 95277->95287 95278 e6c7da 95282 e7fe0b 22 API calls 95278->95282 95285 e6c808 __fread_nolock 95282->95285 95292 e7fe0b 22 API calls 95285->95292 95287->95276 95287->95277 95287->95278 95287->95285 95288 e6ec40 348 API calls 95287->95288 95289 e7fddb 22 API calls 95287->95289 95290 e6af8a 22 API calls 95287->95290 95291 eb091a 95287->95291 95287->95295 95296 eb08a5 95287->95296 95300 eb0591 95287->95300 95303 eb08f6 95287->95303 95306 e6aceb 23 API calls 95287->95306 95307 e6c237 95287->95307 95310 e6c603 95287->95310 95317 eb09bf 95287->95317 95319 e6bbe0 40 API calls 95287->95319 95322 e7fe0b 22 API calls 95287->95322 95615 e6ad81 95287->95615 95629 ec7099 22 API calls __fread_nolock 95287->95629 95630 ee5745 54 API calls _wcslen 95287->95630 95631 e7aa42 22 API calls ISource 95287->95631 95632 ecf05c 40 API calls 95287->95632 95633 e6a993 41 API calls 95287->95633 95288->95287 95289->95287 95290->95287 95636 ed3209 23 API calls 95291->95636 95312 e6c350 ISource __fread_nolock 95292->95312 95295->95310 95627 ed359c 82 API calls __wsopen_s 95295->95627 95297 e6ec40 348 API calls 95296->95297 95298 eb08cf 95297->95298 95298->95310 95634 
e6a81b 41 API calls 95298->95634 95628 ed359c 82 API calls __wsopen_s 95300->95628 95635 ed359c 82 API calls __wsopen_s 95303->95635 95306->95287 95308 e6c253 95307->95308 95637 e6a8c7 22 API calls __fread_nolock 95307->95637 95311 eb0976 95308->95311 95315 e6c297 ISource 95308->95315 95310->95186 95314 e6aceb 23 API calls 95311->95314 95323 e6c3ac 95312->95323 95623 e7ce17 22 API calls ISource 95312->95623 95314->95317 95316 e6aceb 23 API calls 95315->95316 95315->95317 95318 e6c335 95316->95318 95317->95310 95638 ed359c 82 API calls __wsopen_s 95317->95638 95318->95317 95320 e6c342 95318->95320 95319->95287 95622 e6a704 22 API calls ISource 95320->95622 95322->95287 95323->95186 95325 e7ee09 95324->95325 95328 e7ee12 95324->95328 95325->95186 95326 e7ee36 IsDialogMessageW 95326->95325 95326->95328 95327 ebefaf GetClassLongW 95327->95326 95327->95328 95328->95325 95328->95326 95328->95327 95329->95186 95330->95186 95331->95186 95332->95186 95333->95186 95334->95192 95335->95192 95336->95192 95648 ecdef7 95337->95648 95339 ecd529 Process32NextW 95340 ecd5db CloseHandle 95339->95340 95346 ecd522 95339->95346 95340->95192 95341 e6a961 22 API calls 95341->95346 95342 e69cb3 22 API calls 95342->95346 95346->95339 95346->95340 95346->95341 95346->95342 95654 e6525f 22 API calls 95346->95654 95655 e66350 22 API calls 95346->95655 95656 e7ce60 41 API calls 95346->95656 95348 e6ec40 348 API calls 95347->95348 95350 e6d29d 95348->95350 95349 e6d30b ISource 95349->95206 95350->95349 95351 e6d6d5 95350->95351 95353 e6d3c3 95350->95353 95358 e6d4b8 95350->95358 95362 e7fddb 22 API calls 95350->95362 95365 eb1bc4 95350->95365 95374 e6d429 ISource __fread_nolock 95350->95374 95351->95349 95363 e7fe0b 22 API calls 95351->95363 95353->95351 95355 e6d3ce 95353->95355 95354 e6d5ff 95356 e6d614 95354->95356 95357 eb1bb5 95354->95357 95359 e7fddb 22 API calls 95355->95359 95360 e7fddb 22 API calls 95356->95360 95387 ee5705 23 API calls 95357->95387 95364 e7fe0b 22 API calls 
95358->95364 95368 e6d3d5 __fread_nolock 95359->95368 95372 e6d46a 95360->95372 95362->95350 95363->95368 95364->95374 95388 ed359c 82 API calls __wsopen_s 95365->95388 95366 e7fddb 22 API calls 95367 e6d3f6 95366->95367 95367->95374 95380 e6bec0 348 API calls 95367->95380 95368->95366 95368->95367 95370 eb1ba4 95386 ed359c 82 API calls __wsopen_s 95370->95386 95372->95206 95374->95354 95374->95370 95374->95372 95375 eb1b7f 95374->95375 95377 eb1b5d 95374->95377 95381 e61f6f 95374->95381 95385 ed359c 82 API calls __wsopen_s 95375->95385 95384 ed359c 82 API calls __wsopen_s 95377->95384 95379->95208 95380->95374 95382 e6ec40 348 API calls 95381->95382 95383 e61f98 95382->95383 95383->95374 95384->95372 95385->95372 95386->95372 95387->95365 95388->95349 95435 eeaff9 95389->95435 95391 eeac54 95391->95256 95392 eeac0c 95392->95391 95393 e6aceb 23 API calls 95392->95393 95393->95391 95395 e67510 53 API calls 95394->95395 95396 ed5c6d 95395->95396 95590 ecdbbe lstrlenW 95396->95590 95398 ed5c77 95398->95256 95595 ef2ad8 95399->95595 95401 ef159f 95401->95256 95403 e6b567 39 API calls 95402->95403 95404 e7f659 95403->95404 95405 e7f661 timeGetTime 95404->95405 95406 ebf2dc Sleep 95404->95406 95407 e6b567 39 API calls 95405->95407 95408 e7f677 95407->95408 95408->95256 95410 eeaff9 217 API calls 95409->95410 95411 eeab79 95410->95411 95411->95256 95413 e67510 53 API calls 95412->95413 95414 eea306 95413->95414 95415 ecd4dc 47 API calls 95414->95415 95416 eea315 95415->95416 95416->95256 95417->95259 95418->95217 95420 e69cc2 _wcslen 95419->95420 95421 e7fe0b 22 API calls 95420->95421 95422 e69cea __fread_nolock 95421->95422 95423 e7fddb 22 API calls 95422->95423 95424 e69d00 95423->95424 95424->95230 95425->95220 95426->95242 95427->95242 95428->95219 95429->95253 95430->95253 95431->95253 95432->95251 95433->95256 95434->95253 95436 eeb01d ___scrt_fastfail 95435->95436 95437 eeb058 95436->95437 95438 eeb094 95436->95438 95556 e6b567 95437->95556 95440 e6b567 39 API 
calls 95438->95440 95445 eeb08b 95438->95445 95444 eeb0a5 95440->95444 95441 eeb063 95441->95445 95449 e6b567 39 API calls 95441->95449 95442 eeb0ed 95526 e67510 95442->95526 95448 e6b567 39 API calls 95444->95448 95445->95442 95446 e6b567 39 API calls 95445->95446 95446->95442 95448->95445 95451 eeb078 95449->95451 95453 e6b567 39 API calls 95451->95453 95452 eeb115 95454 eeb11f 95452->95454 95455 eeb1d8 95452->95455 95453->95445 95457 e67510 53 API calls 95454->95457 95456 eeb20a GetCurrentDirectoryW 95455->95456 95458 e67510 53 API calls 95455->95458 95459 e7fe0b 22 API calls 95456->95459 95460 eeb130 95457->95460 95461 eeb1ef 95458->95461 95462 eeb22f GetCurrentDirectoryW 95459->95462 95463 e67620 22 API calls 95460->95463 95464 e67620 22 API calls 95461->95464 95465 eeb23c 95462->95465 95466 eeb13a 95463->95466 95467 eeb1f9 _wcslen 95464->95467 95469 eeb275 95465->95469 95561 e69c6e 22 API calls 95465->95561 95468 e67510 53 API calls 95466->95468 95467->95456 95467->95469 95470 eeb14b 95468->95470 95477 eeb28b 95469->95477 95478 eeb287 95469->95478 95472 e67620 22 API calls 95470->95472 95474 eeb155 95472->95474 95473 eeb255 95562 e69c6e 22 API calls 95473->95562 95476 e67510 53 API calls 95474->95476 95480 eeb166 95476->95480 95564 ed07c0 10 API calls 95477->95564 95482 eeb39a CreateProcessW 95478->95482 95483 eeb2f8 95478->95483 95479 eeb265 95563 e69c6e 22 API calls 95479->95563 95485 e67620 22 API calls 95480->95485 95510 eeb32f _wcslen 95482->95510 95567 ec11c8 39 API calls 95483->95567 95488 eeb170 95485->95488 95486 eeb294 95565 ed06e6 10 API calls 95486->95565 95491 eeb1a6 GetSystemDirectoryW 95488->95491 95495 e67510 53 API calls 95488->95495 95490 eeb2fd 95493 eeb32a 95490->95493 95494 eeb323 95490->95494 95497 e7fe0b 22 API calls 95491->95497 95492 eeb2aa 95566 ed05a7 8 API calls 95492->95566 95569 ec14ce 6 API calls 95493->95569 95568 ec1201 128 API calls 2 library calls 95494->95568 95499 eeb187 95495->95499 95502 eeb1cb GetSystemDirectoryW 
95497->95502 95504 e67620 22 API calls 95499->95504 95501 eeb2d0 95501->95478 95502->95465 95503 eeb328 95503->95510 95507 eeb191 _wcslen 95504->95507 95505 eeb42f CloseHandle 95508 eeb43f 95505->95508 95519 eeb49a 95505->95519 95506 eeb3d6 GetLastError 95518 eeb41a 95506->95518 95507->95465 95507->95491 95511 eeb446 CloseHandle 95508->95511 95512 eeb451 95508->95512 95510->95505 95510->95506 95510->95510 95511->95512 95514 eeb458 CloseHandle 95512->95514 95515 eeb463 95512->95515 95513 eeb4a6 95513->95518 95514->95515 95516 eeb46a CloseHandle 95515->95516 95517 eeb475 95515->95517 95516->95517 95570 ed09d9 34 API calls 95517->95570 95553 ed0175 95518->95553 95519->95513 95524 eeb4d2 CloseHandle 95519->95524 95523 eeb486 95571 eeb536 25 API calls 95523->95571 95524->95518 95527 e67525 95526->95527 95542 e67522 95526->95542 95528 e6752d 95527->95528 95529 e6755b 95527->95529 95572 e851c6 26 API calls 95528->95572 95532 ea500f 95529->95532 95533 e6756d 95529->95533 95540 ea50f6 95529->95540 95543 e7fe0b 22 API calls 95532->95543 95544 ea5088 95532->95544 95573 e7fb21 51 API calls 95533->95573 95534 e6753d 95538 e7fddb 22 API calls 95534->95538 95535 ea510e 95535->95535 95539 e67547 95538->95539 95541 e69cb3 22 API calls 95539->95541 95575 e85183 26 API calls 95540->95575 95541->95542 95549 e67620 95542->95549 95545 ea5058 95543->95545 95574 e7fb21 51 API calls 95544->95574 95546 e7fddb 22 API calls 95545->95546 95547 ea507f 95546->95547 95548 e69cb3 22 API calls 95547->95548 95548->95544 95550 e6762a _wcslen 95549->95550 95551 e7fe0b 22 API calls 95550->95551 95552 e6763f 95551->95552 95552->95452 95576 ed030f 95553->95576 95557 e6b578 95556->95557 95558 e6b57f 95556->95558 95557->95558 95589 e862d1 39 API calls 95557->95589 95558->95441 95560 e6b5c2 95560->95441 95561->95473 95562->95479 95563->95469 95564->95486 95565->95492 95566->95501 95567->95490 95568->95503 95569->95510 95570->95523 95571->95519 95572->95534 95573->95534 95574->95540 95575->95535 95577 ed0329 
95576->95577 95578 ed0321 CloseHandle 95576->95578 95579 ed032e CloseHandle 95577->95579 95580 ed0336 95577->95580 95578->95577 95579->95580 95581 ed033b CloseHandle 95580->95581 95582 ed0343 95580->95582 95581->95582 95583 ed0348 CloseHandle 95582->95583 95584 ed0350 95582->95584 95583->95584 95585 ed035d 95584->95585 95586 ed0355 CloseHandle 95584->95586 95587 ed017d 95585->95587 95588 ed0362 CloseHandle 95585->95588 95586->95585 95587->95392 95588->95587 95589->95560 95591 ecdbdc GetFileAttributesW 95590->95591 95592 ecdc06 95590->95592 95591->95592 95593 ecdbe8 FindFirstFileW 95591->95593 95592->95398 95593->95592 95594 ecdbf9 FindClose 95593->95594 95594->95592 95596 e6aceb 23 API calls 95595->95596 95597 ef2af3 95596->95597 95598 ef2aff 95597->95598 95599 ef2b1d 95597->95599 95600 e67510 53 API calls 95598->95600 95601 e66b57 22 API calls 95599->95601 95602 ef2b0c 95600->95602 95604 ef2b1b 95601->95604 95602->95604 95605 e6a8c7 22 API calls __fread_nolock 95602->95605 95604->95401 95605->95604 95607 e6ae01 95606->95607 95610 e6ae1c ISource 95606->95610 95608 e6aec9 22 API calls 95607->95608 95609 e6ae09 CharUpperBuffW 95608->95609 95609->95610 95610->95268 95612 e6acae 95611->95612 95613 e6acd1 95612->95613 95639 ed359c 82 API calls __wsopen_s 95612->95639 95613->95287 95616 eafadb 95615->95616 95617 e6ad92 95615->95617 95618 e7fddb 22 API calls 95617->95618 95619 e6ad99 95618->95619 95640 e6adcd 95619->95640 95622->95312 95623->95312 95624->95272 95625->95310 95626->95295 95627->95310 95628->95310 95629->95287 95630->95287 95631->95287 95632->95287 95633->95287 95634->95303 95635->95310 95636->95307 95637->95308 95638->95310 95639->95613 95646 e6addd 95640->95646 95641 e6adb6 95641->95287 95642 e7fddb 22 API calls 95642->95646 95643 e6a961 22 API calls 95643->95646 95644 e6adcd 22 API calls 95644->95646 95646->95641 95646->95642 95646->95643 95646->95644 95647 e6a8c7 22 API calls __fread_nolock 95646->95647 95647->95646 95649 ecdf02 95648->95649 95650 ecdf19 
95649->95650 95653 ecdf1f 95649->95653 95657 e863b2 GetStringTypeW _strftime 95649->95657 95658 e862fb 39 API calls 95650->95658 95653->95346 95654->95346 95655->95346 95656->95346 95657->95649 95658->95653 95659 e98402 95664 e981be 95659->95664 95662 e9842a 95669 e981ef try_get_first_available_module 95664->95669 95666 e983ee 95683 e927ec 26 API calls _abort 95666->95683 95668 e98343 95668->95662 95676 ea0984 95668->95676 95672 e98338 95669->95672 95679 e88e0b 40 API calls 2 library calls 95669->95679 95671 e9838c 95671->95672 95680 e88e0b 40 API calls 2 library calls 95671->95680 95672->95668 95682 e8f2d9 20 API calls _abort 95672->95682 95674 e983ab 95674->95672 95681 e88e0b 40 API calls 2 library calls 95674->95681 95684 ea0081 95676->95684 95678 ea099f 95678->95662 95679->95671 95680->95674 95681->95672 95682->95666 95683->95668 95686 ea008d BuildCatchObjectHelperInternal 95684->95686 95685 ea009b 95741 e8f2d9 20 API calls _abort 95685->95741 95686->95685 95688 ea00d4 95686->95688 95695 ea065b 95688->95695 95689 ea00a0 95742 e927ec 26 API calls _abort 95689->95742 95694 ea00aa __wsopen_s 95694->95678 95696 ea0678 95695->95696 95697 ea068d 95696->95697 95698 ea06a6 95696->95698 95758 e8f2c6 20 API calls _abort 95697->95758 95744 e95221 95698->95744 95701 ea0692 95759 e8f2d9 20 API calls _abort 95701->95759 95702 ea06ab 95703 ea06cb 95702->95703 95704 ea06b4 95702->95704 95757 ea039a CreateFileW 95703->95757 95760 e8f2c6 20 API calls _abort 95704->95760 95708 ea06b9 95761 e8f2d9 20 API calls _abort 95708->95761 95709 ea0781 GetFileType 95712 ea078c GetLastError 95709->95712 95713 ea07d3 95709->95713 95711 ea0756 GetLastError 95763 e8f2a3 20 API calls 2 library calls 95711->95763 95764 e8f2a3 20 API calls 2 library calls 95712->95764 95766 e9516a 21 API calls 3 library calls 95713->95766 95714 ea0704 95714->95709 95714->95711 95762 ea039a CreateFileW 95714->95762 95718 ea079a CloseHandle 95718->95701 95721 ea07c3 95718->95721 95720 ea0749 95720->95709 
95720->95711 95765 e8f2d9 20 API calls _abort 95721->95765 95722 ea07f4 95725 ea0840 95722->95725 95767 ea05ab 72 API calls 4 library calls 95722->95767 95724 ea07c8 95724->95701 95729 ea086d 95725->95729 95768 ea014d 72 API calls 4 library calls 95725->95768 95728 ea0866 95728->95729 95730 ea087e 95728->95730 95731 e986ae __wsopen_s 29 API calls 95729->95731 95732 ea00f8 95730->95732 95733 ea08fc CloseHandle 95730->95733 95731->95732 95743 ea0121 LeaveCriticalSection __wsopen_s 95732->95743 95769 ea039a CreateFileW 95733->95769 95735 ea0927 95736 ea095d 95735->95736 95737 ea0931 GetLastError 95735->95737 95736->95732 95770 e8f2a3 20 API calls 2 library calls 95737->95770 95739 ea093d 95771 e95333 21 API calls 3 library calls 95739->95771 95741->95689 95742->95694 95743->95694 95745 e9522d BuildCatchObjectHelperInternal 95744->95745 95772 e92f5e EnterCriticalSection 95745->95772 95747 e95234 95748 e95259 95747->95748 95751 e952c7 EnterCriticalSection 95747->95751 95754 e9527b 95747->95754 95776 e95000 95748->95776 95751->95754 95755 e952d4 LeaveCriticalSection 95751->95755 95753 e952a4 __wsopen_s 95753->95702 95773 e9532a 95754->95773 95755->95747 95757->95714 95758->95701 95759->95732 95760->95708 95761->95701 95762->95720 95763->95701 95764->95718 95765->95724 95766->95722 95767->95725 95768->95728 95769->95735 95770->95739 95771->95736 95772->95747 95784 e92fa6 LeaveCriticalSection 95773->95784 95775 e95331 95775->95753 95777 e94c7d _abort 20 API calls 95776->95777 95778 e95012 95777->95778 95782 e9501f 95778->95782 95785 e93405 11 API calls 2 library calls 95778->95785 95779 e929c8 _free 20 API calls 95780 e95071 95779->95780 95780->95754 95783 e95147 EnterCriticalSection 95780->95783 95782->95779 95783->95754 95784->95775 95785->95778 95786 ea2ba5 95787 e62b25 95786->95787 95788 ea2baf 95786->95788 95814 e62b83 7 API calls 95787->95814 95832 e63a5a 95788->95832 95792 ea2bb8 95794 e69cb3 22 API calls 95792->95794 95796 ea2bc6 95794->95796 95795 e62b2f 95801 
e62b44 95795->95801 95818 e63837 95795->95818 95797 ea2bce 95796->95797 95798 ea2bf5 95796->95798 95839 e633c6 95797->95839 95799 e633c6 22 API calls 95798->95799 95804 ea2bf1 GetForegroundWindow ShellExecuteW 95799->95804 95805 e62b5f 95801->95805 95828 e630f2 95801->95828 95810 ea2c26 95804->95810 95812 e62b66 SetCurrentDirectoryW 95805->95812 95809 ea2be7 95811 e633c6 22 API calls 95809->95811 95810->95805 95811->95804 95813 e62b7a 95812->95813 95849 e62cd4 7 API calls 95814->95849 95816 e62b2a 95817 e62c63 CreateWindowExW CreateWindowExW ShowWindow ShowWindow 95816->95817 95817->95795 95819 e63862 ___scrt_fastfail 95818->95819 95850 e64212 95819->95850 95822 e638e8 95824 e63906 Shell_NotifyIconW 95822->95824 95825 ea3386 Shell_NotifyIconW 95822->95825 95854 e63923 95824->95854 95827 e6391c 95827->95801 95829 e63154 95828->95829 95830 e63104 ___scrt_fastfail 95828->95830 95829->95805 95831 e63123 Shell_NotifyIconW 95830->95831 95831->95829 95833 ea1f50 __wsopen_s 95832->95833 95834 e63a67 GetModuleFileNameW 95833->95834 95835 e69cb3 22 API calls 95834->95835 95836 e63a8d 95835->95836 95837 e63aa2 23 API calls 95836->95837 95838 e63a97 95837->95838 95838->95792 95840 ea30bb 95839->95840 95841 e633dd 95839->95841 95843 e7fddb 22 API calls 95840->95843 95885 e633ee 95841->95885 95845 ea30c5 _wcslen 95843->95845 95844 e633e8 95848 e66350 22 API calls 95844->95848 95846 e7fe0b 22 API calls 95845->95846 95847 ea30fe __fread_nolock 95846->95847 95848->95809 95849->95816 95851 e638b7 95850->95851 95852 ea35a4 95850->95852 95851->95822 95876 ecc874 42 API calls _strftime 95851->95876 95852->95851 95853 ea35ad DestroyIcon 95852->95853 95853->95851 95855 e6393f 95854->95855 95874 e63a13 95854->95874 95877 e66270 95855->95877 95858 ea3393 LoadStringW 95861 ea33ad 95858->95861 95859 e6395a 95860 e66b57 22 API calls 95859->95860 95862 e6396f 95860->95862 95869 e63994 ___scrt_fastfail 95861->95869 95883 e6a8c7 22 API calls __fread_nolock 95861->95883 95863 ea33c9 95862->95863 
95864 e6397c 95862->95864 95884 e66350 22 API calls 95863->95884 95864->95861 95866 e63986 95864->95866 95882 e66350 22 API calls 95866->95882 95872 e639f9 Shell_NotifyIconW 95869->95872 95870 ea33d7 95870->95869 95871 e633c6 22 API calls 95870->95871 95873 ea33f9 95871->95873 95872->95874 95875 e633c6 22 API calls 95873->95875 95874->95827 95875->95869 95876->95822 95878 e7fe0b 22 API calls 95877->95878 95879 e66295 95878->95879 95880 e7fddb 22 API calls 95879->95880 95881 e6394d 95880->95881 95881->95858 95881->95859 95882->95869 95883->95869 95884->95870 95886 e633fe _wcslen 95885->95886 95887 ea311d 95886->95887 95888 e63411 95886->95888 95890 e7fddb 22 API calls 95887->95890 95895 e6a587 95888->95895 95892 ea3127 95890->95892 95891 e6341e __fread_nolock 95891->95844 95893 e7fe0b 22 API calls 95892->95893 95894 ea3157 __fread_nolock 95893->95894 95896 e6a59d 95895->95896 95899 e6a598 __fread_nolock 95895->95899 95897 e7fe0b 22 API calls 95896->95897 95898 eaf80f 95896->95898 95897->95899 95898->95898 95899->95891 95900 e63156 95903 e63170 95900->95903 95904 e63187 95903->95904 95905 e6318c 95904->95905 95906 e631eb 95904->95906 95942 e631e9 95904->95942 95907 e63265 PostQuitMessage 95905->95907 95908 e63199 95905->95908 95910 ea2dfb 95906->95910 95911 e631f1 95906->95911 95915 e6316a 95907->95915 95913 e631a4 95908->95913 95914 ea2e7c 95908->95914 95909 e631d0 DefWindowProcW 95909->95915 95958 e618e2 10 API calls 95910->95958 95916 e6321d SetTimer RegisterWindowMessageW 95911->95916 95917 e631f8 95911->95917 95919 ea2e68 95913->95919 95920 e631ae 95913->95920 95961 ecbf30 34 API calls ___scrt_fastfail 95914->95961 95916->95915 95921 e63246 CreatePopupMenu 95916->95921 95923 ea2d9c 95917->95923 95924 e63201 KillTimer 95917->95924 95918 ea2e1c 95959 e7e499 42 API calls 95918->95959 95948 ecc161 95919->95948 95928 ea2e4d 95920->95928 95929 e631b9 95920->95929 95921->95915 95931 ea2da1 95923->95931 95932 ea2dd7 MoveWindow 95923->95932 95925 e630f2 Shell_NotifyIconW 
Control-flow Graph

[Figure: control_flow_graph 393, nodes marked Executed / Not Executed; not reproduced]

APIs
• GetVersionExW.KERNEL32(?), ref: 00E6430D
  • Part of subcall function 00E66B57: _wcslen.LIBCMT ref: 00E66B6A
• GetCurrentProcess.KERNEL32(?,00EFCB64,00000000,?,?), ref: 00E64422
• IsWow64Process.KERNEL32(00000000,?,?), ref: 00E64429
• LoadLibraryA.KERNEL32(kernel32.dll,?,?), ref: 00E64454
• GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00E64466
• GetNativeSystemInfo.KERNELBASE(?,?,?), ref: 00E64474
• FreeLibrary.KERNEL32(00000000,?,?), ref: 00E6447B
• GetSystemInfo.KERNEL32(?,?,?), ref: 00E644A0

Strings

Memory Dump Source
• Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
• Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp

Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e60000_file.jbxd

Similarity
• API ID: InfoLibraryProcessSystem$AddressCurrentFreeLoadNativeProcVersionWow64_wcslen
• String ID: GetNativeSystemInfo$kernel32.dll$|O
• API String ID: 3290436268-3101561225
• Opcode ID: 7d6e8da77edcb8850a8473d8d8558e590fbbb0e87a818eff7f081d09210f73d6
• Instruction ID: 0a7a4a1367e33d15900d209d9e9337fca000f8ba6528b3730500a93f0bcc9356
• Opcode Fuzzy Hash: 7d6e8da77edcb8850a8473d8d8558e590fbbb0e87a818eff7f081d09210f73d6
• Instruction Fuzzy Hash: E8A106B290A3CCCFC721C7B97C451E57FE67B26364B186899E481B7B62D6304508FB22

                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                                                                      control_flow_graph 797 e642a2-e642ba CreateStreamOnHGlobal 798 e642bc-e642d3 FindResourceExW 797->798 799 e642da-e642dd 797->799 800 ea35ba-ea35c9 LoadResource 798->800 801 e642d9 798->801 800->801 802 ea35cf-ea35dd SizeofResource 800->802 801->799 802->801 803 ea35e3-ea35ee LockResource 802->803 803->801 804 ea35f4-ea3612 803->804 804->801
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • CreateStreamOnHGlobal.COMBASE(00000000,00000001,?,?,?,?,?,00E650AA,?,?,00000000,00000000), ref: 00E642B2
                                                                                                                                                                                                                                                      • FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,00E650AA,?,?,00000000,00000000), ref: 00E642C9
                                                                                                                                                                                                                                                      • LoadResource.KERNEL32(?,00000000,?,?,00E650AA,?,?,00000000,00000000,?,?,?,?,?,?,00E64F20), ref: 00EA35BE
                                                                                                                                                                                                                                                      • SizeofResource.KERNEL32(?,00000000,?,?,00E650AA,?,?,00000000,00000000,?,?,?,?,?,?,00E64F20), ref: 00EA35D3
                                                                                                                                                                                                                                                      • LockResource.KERNEL32(00E650AA,?,?,00E650AA,?,?,00000000,00000000,?,?,?,?,?,?,00E64F20,?), ref: 00EA35E6
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Resource$CreateFindGlobalLoadLockSizeofStream
                                                                                                                                                                                                                                                      • String ID: SCRIPT
                                                                                                                                                                                                                                                      • API String ID: 3051347437-3967369404

                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                      control_flow_graph 922 ecdbbe-ecdbda lstrlenW 923 ecdbdc-ecdbe6 GetFileAttributesW 922->923 924 ecdc06 922->924 925 ecdc09-ecdc0d 923->925 926 ecdbe8-ecdbf7 FindFirstFileW 923->926 924->925 926->924 927 ecdbf9-ecdc04 FindClose 926->927 927->925
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • lstrlenW.KERNEL32(?,"R), ref: 00ECDBCE
                                                                                                                                                                                                                                                      • GetFileAttributesW.KERNELBASE(?), ref: 00ECDBDD
                                                                                                                                                                                                                                                      • FindFirstFileW.KERNEL32(?,?), ref: 00ECDBEE
                                                                                                                                                                                                                                                      • FindClose.KERNEL32(00000000), ref: 00ECDBFA
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: FileFind$AttributesCloseFirstlstrlen
                                                                                                                                                                                                                                                      • String ID: "R
                                                                                                                                                                                                                                                      • API String ID: 2695905019-1746183819

                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • SetCurrentDirectoryW.KERNEL32(?), ref: 00E62B6B
                                                                                                                                                                                                                                                        • Part of subcall function 00E63A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00F31418,?,00E62E7F,?,?,?,00000000), ref: 00E63A78
                                                                                                                                                                                                                                                        • Part of subcall function 00E69CB3: _wcslen.LIBCMT ref: 00E69CBD
                                                                                                                                                                                                                                                      • GetForegroundWindow.USER32(runas,?,?,?,?,?,00F22224), ref: 00EA2C10
                                                                                                                                                                                                                                                      • ShellExecuteW.SHELL32(00000000,?,?,00F22224), ref: 00EA2C17
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: CurrentDirectoryExecuteFileForegroundModuleNameShellWindow_wcslen
                                                                                                                                                                                                                                                      • String ID: runas
                                                                                                                                                                                                                                                      • API String ID: 448630720-4000483414

                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                      control_flow_graph 975 e84ce8-e84cf4 call e9360c 978 e84d16-e84d22 call e84d6d ExitProcess 975->978 979 e84cf6-e84d04 GetPEB 975->979 979->978 980 e84d06-e84d10 GetCurrentProcess TerminateProcess 979->980 980->978
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32(00E928E9,(,00E84CBE,00000000,00F288B8,0000000C,00E84E15,(,00000002,00000000,?,00E928E9,00000003,00E92DF7,?,?), ref: 00E84D09
                                                                                                                                                                                                                                                      • TerminateProcess.KERNEL32(00000000,?,00E928E9,00000003,00E92DF7,?,?,?,00E8E6D1,?,00F28A48,00000010,00E64F4A,?,?,00000000), ref: 00E84D10
                                                                                                                                                                                                                                                      • ExitProcess.KERNEL32 ref: 00E84D22
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                                                                      • String ID: (
                                                                                                                                                                                                                                                      • API String ID: 1703294689-2063206799
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • CreateToolhelp32Snapshot.KERNEL32 ref: 00ECD501
                                                                                                                                                                                                                                                      • Process32FirstW.KERNEL32(00000000,?), ref: 00ECD50F
                                                                                                                                                                                                                                                      • Process32NextW.KERNEL32(00000000,?), ref: 00ECD52F
                                                                                                                                                                                                                                                      • CloseHandle.KERNELBASE(00000000), ref: 00ECD5DC
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 420147892-0

                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 00EEB198
                                                                                                                                                                                                                                                      • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00EEB1B0
                                                                                                                                                                                                                                                      • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00EEB1D4
                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 00EEB200
                                                                                                                                                                                                                                                      • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00EEB214
                                                                                                                                                                                                                                                      • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00EEB236
                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 00EEB332
                                                                                                                                                                                                                                                        • Part of subcall function 00ED05A7: GetStdHandle.KERNEL32(000000F6), ref: 00ED05C6
                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 00EEB34B
                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 00EEB366
                                                                                                                                                                                                                                                      • CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00EEB3B6
                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(00000000), ref: 00EEB407
                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 00EEB439
                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 00EEB44A
                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 00EEB45C
                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 00EEB46E
                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 00EEB4E3
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
• Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Handle$Close_wcslen$Directory$CurrentSystem$CreateErrorLastProcess
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 2178637699-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • GetInputState.USER32 ref: 00E6D807
                                                                                                                                                                                                                                                      • timeGetTime.WINMM ref: 00E6DA07
                                                                                                                                                                                                                                                      • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00E6DB28
                                                                                                                                                                                                                                                      • TranslateMessage.USER32(?), ref: 00E6DB7B
                                                                                                                                                                                                                                                      • DispatchMessageW.USER32(?), ref: 00E6DB89
                                                                                                                                                                                                                                                      • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00E6DB9F
                                                                                                                                                                                                                                                      • Sleep.KERNELBASE(0000000A), ref: 00E6DBB1
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Message$Peek$DispatchInputSleepStateTimeTranslatetime
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 2189390790-0

                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • GetSysColorBrush.USER32(0000000F), ref: 00E62D07
                                                                                                                                                                                                                                                      • RegisterClassExW.USER32(00000030), ref: 00E62D31
                                                                                                                                                                                                                                                      • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00E62D42
                                                                                                                                                                                                                                                      • InitCommonControlsEx.COMCTL32(?), ref: 00E62D5F
                                                                                                                                                                                                                                                      • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00E62D6F
                                                                                                                                                                                                                                                      • LoadIconW.USER32(000000A9), ref: 00E62D85
                                                                                                                                                                                                                                                      • ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00E62D94
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
                                                                                                                                                                                                                                                      • String ID: +$0$AutoIt v3 GUI$TaskbarCreated
                                                                                                                                                                                                                                                      • API String ID: 2914291525-1005189915

                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 00EA039A: CreateFileW.KERNELBASE(00000000,00000000,?,00EA0704,?,?,00000000,?,00EA0704,00000000,0000000C), ref: 00EA03B7
                                                                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 00EA076F
                                                                                                                                                                                                                                                      • __dosmaperr.LIBCMT ref: 00EA0776
                                                                                                                                                                                                                                                      • GetFileType.KERNELBASE(00000000), ref: 00EA0782
                                                                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 00EA078C
                                                                                                                                                                                                                                                      • __dosmaperr.LIBCMT ref: 00EA0795
                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 00EA07B5
                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 00EA08FF
                                                                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 00EA0931
                                                                                                                                                                                                                                                      • __dosmaperr.LIBCMT ref: 00EA0938
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                                                                                                                                                                                                                                      • String ID: H
                                                                                                                                                                                                                                                      • API String ID: 4237864984-2852464175

                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 00E63A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00F31418,?,00E62E7F,?,?,?,00000000), ref: 00E63A78
                                                                                                                                                                                                                                                        • Part of subcall function 00E63357: GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00E63379
                                                                                                                                                                                                                                                      • RegOpenKeyExW.KERNELBASE(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 00E6356A
                                                                                                                                                                                                                                                      • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 00EA318D
                                                                                                                                                                                                                                                      • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 00EA31CE
                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 00EA3210
                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 00EA3277
                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 00EA3286
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: NameQueryValue_wcslen$CloseFileFullModuleOpenPath
                                                                                                                                                                                                                                                      • String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
                                                                                                                                                                                                                                                      • API String ID: 98802146-2727554177

                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • GetSysColorBrush.USER32(0000000F), ref: 00E62B8E
                                                                                                                                                                                                                                                      • LoadCursorW.USER32(00000000,00007F00), ref: 00E62B9D
                                                                                                                                                                                                                                                      • LoadIconW.USER32(00000063), ref: 00E62BB3
                                                                                                                                                                                                                                                      • LoadIconW.USER32(000000A4), ref: 00E62BC5
                                                                                                                                                                                                                                                      • LoadIconW.USER32(000000A2), ref: 00E62BD7
                                                                                                                                                                                                                                                      • LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 00E62BEF
                                                                                                                                                                                                                                                      • RegisterClassExW.USER32(?), ref: 00E62C40
                                                                                                                                                                                                                                                        • Part of subcall function 00E62CD4: GetSysColorBrush.USER32(0000000F), ref: 00E62D07
                                                                                                                                                                                                                                                        • Part of subcall function 00E62CD4: RegisterClassExW.USER32(00000030), ref: 00E62D31
                                                                                                                                                                                                                                                        • Part of subcall function 00E62CD4: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00E62D42
                                                                                                                                                                                                                                                        • Part of subcall function 00E62CD4: InitCommonControlsEx.COMCTL32(?), ref: 00E62D5F
                                                                                                                                                                                                                                                        • Part of subcall function 00E62CD4: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00E62D6F
                                                                                                                                                                                                                                                        • Part of subcall function 00E62CD4: LoadIconW.USER32(000000A9), ref: 00E62D85
                                                                                                                                                                                                                                                        • Part of subcall function 00E62CD4: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00E62D94
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
                                                                                                                                                                                                                                                      • String ID: #$0$AutoIt v3
                                                                                                                                                                                                                                                      • API String ID: 423443420-4155596026

                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • DefWindowProcW.USER32(?,?,?,?,?,?,?,?,?,00E6316A,?,?), ref: 00E631D8
                                                                                                                                                                                                                                                      • KillTimer.USER32(?,00000001,?,?,?,?,?,00E6316A,?,?), ref: 00E63204
                                                                                                                                                                                                                                                      • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00E63227
                                                                                                                                                                                                                                                      • RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,00E6316A,?,?), ref: 00E63232
                                                                                                                                                                                                                                                      • CreatePopupMenu.USER32 ref: 00E63246
                                                                                                                                                                                                                                                      • PostQuitMessage.USER32(00000000), ref: 00E63267
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
                                                                                                                                                                                                                                                      • String ID: TaskbarCreated

                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00E61459
                                                                                                                                                                                                                                                      • CoUninitialize.COMBASE ref: 00E614F8
                                                                                                                                                                                                                                                      • UnregisterHotKey.USER32(?), ref: 00E616DD
                                                                                                                                                                                                                                                      • DestroyWindow.USER32(?), ref: 00EA24B9
                                                                                                                                                                                                                                                      • FreeLibrary.KERNEL32(?), ref: 00EA251E
                                                                                                                                                                                                                                                      • VirtualFree.KERNEL32(?,00000000,00008000), ref: 00EA254B
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
                                                                                                                                                                                                                                                      • String ID: close all

                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                      control_flow_graph 807 e62c63-e62cd3 CreateWindowExW * 2 ShowWindow * 2
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00E62C91
                                                                                                                                                                                                                                                      • CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00E62CB2
                                                                                                                                                                                                                                                      • ShowWindow.USER32(00000000,?,?,?,?,?,?,00E61CAD,?), ref: 00E62CC6
                                                                                                                                                                                                                                                      • ShowWindow.USER32(00000000,?,?,?,?,?,?,00E61CAD,?), ref: 00E62CCF
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Window$CreateShow
                                                                                                                                                                                                                                                      • String ID: AutoIt v3$edit

                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                      control_flow_graph 964 e63b1c-e63b27 965 e63b99-e63b9b 964->965 966 e63b29-e63b2e 964->966 967 e63b8c-e63b8f 965->967 966->965 968 e63b30-e63b48 RegOpenKeyExW 966->968 968->965 969 e63b4a-e63b69 RegQueryValueExW 968->969 970 e63b80-e63b8b RegCloseKey 969->970 971 e63b6b-e63b76 969->971 970->967 972 e63b90-e63b97 971->972 973 e63b78-e63b7a 971->973 974 e63b7e 972->974 973->974 974->970
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • RegOpenKeyExW.KERNELBASE(80000001,Control Panel\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,00E63B0F,SwapMouseButtons,00000004,?), ref: 00E63B40
                                                                                                                                                                                                                                                      • RegQueryValueExW.KERNELBASE(00000000,00000000,00000000,00000000,?,?,?,?,?,80000001,80000001,?,00E63B0F,SwapMouseButtons,00000004,?), ref: 00E63B61
                                                                                                                                                                                                                                                      • RegCloseKey.KERNELBASE(00000000,?,?,?,80000001,80000001,?,00E63B0F,SwapMouseButtons,00000004,?), ref: 00E63B83
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: CloseOpenQueryValue
                                                                                                                                                                                                                                                      • String ID: Control Panel\Mouse
                                                                                                                                                                                                                                                      • API String ID: 3677997916-824357125
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 00EA33A2
                                                                                                                                                                                                                                                        • Part of subcall function 00E66B57: _wcslen.LIBCMT ref: 00E66B6A
                                                                                                                                                                                                                                                      • Shell_NotifyIconW.SHELL32(00000001,?), ref: 00E63A04
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: IconLoadNotifyShell_String_wcslen
                                                                                                                                                                                                                                                      • String ID: Line:
                                                                                                                                                                                                                                                      • API String ID: 2289894680-1585850449
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • __CxxThrowException@8.LIBVCRUNTIME ref: 00E80668
                                                                                                                                                                                                                                                        • Part of subcall function 00E832A4: RaiseException.KERNEL32(?,?,?,00E8068A,?,00F31444,?,?,?,?,?,?,00E8068A,00E61129,00F28738,00E61129), ref: 00E83304
                                                                                                                                                                                                                                                      • __CxxThrowException@8.LIBVCRUNTIME ref: 00E80685
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Exception@8Throw$ExceptionRaise
                                                                                                                                                                                                                                                      • String ID: Unknown exception
                                                                                                                                                                                                                                                      • API String ID: 3476068407-410509341
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 00E61BC3: MapVirtualKeyW.USER32(0000005B,00000000), ref: 00E61BF4
                                                                                                                                                                                                                                                        • Part of subcall function 00E61BC3: MapVirtualKeyW.USER32(00000010,00000000), ref: 00E61BFC
                                                                                                                                                                                                                                                        • Part of subcall function 00E61BC3: MapVirtualKeyW.USER32(000000A0,00000000), ref: 00E61C07
                                                                                                                                                                                                                                                        • Part of subcall function 00E61BC3: MapVirtualKeyW.USER32(000000A1,00000000), ref: 00E61C12
                                                                                                                                                                                                                                                        • Part of subcall function 00E61BC3: MapVirtualKeyW.USER32(00000011,00000000), ref: 00E61C1A
                                                                                                                                                                                                                                                        • Part of subcall function 00E61BC3: MapVirtualKeyW.USER32(00000012,00000000), ref: 00E61C22
                                                                                                                                                                                                                                                        • Part of subcall function 00E61B4A: RegisterWindowMessageW.USER32(00000004,?,00E612C4), ref: 00E61BA2
                                                                                                                                                                                                                                                      • GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 00E6136A
                                                                                                                                                                                                                                                      • OleInitialize.OLE32 ref: 00E61388
                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,00000000), ref: 00EA24AB
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 1986988660-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 00E63923: Shell_NotifyIconW.SHELL32(00000001,?), ref: 00E63A04
                                                                                                                                                                                                                                                      • Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 00ECC259
                                                                                                                                                                                                                                                      • KillTimer.USER32(?,00000001,?,?), ref: 00ECC261
                                                                                                                                                                                                                                                      • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00ECC270
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: IconNotifyShell_Timer$Kill
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3500052701-0
APIs
• CloseHandle.KERNELBASE(00000000,00000000,?,?,00E985CC,?,00F28CC8,0000000C), ref: 00E98704
• GetLastError.KERNEL32(?,00E985CC,?,00F28CC8,0000000C), ref: 00E9870E
• __dosmaperr.LIBCMT ref: 00E98739
Memory Dump Source
• Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
• Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
Similarity
• API ID: CloseErrorHandleLast__dosmaperr
• String ID:
• API String ID: 2583163307-0
APIs
• TranslateMessage.USER32(?), ref: 00E6DB7B
• DispatchMessageW.USER32(?), ref: 00E6DB89
• PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00E6DB9F
• Sleep.KERNELBASE(0000000A), ref: 00E6DBB1
• TranslateAcceleratorW.USER32(?,?,?), ref: 00EB1CC9
Memory Dump Source
• Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
Similarity
• API ID: Message$Translate$AcceleratorDispatchPeekSleep
• String ID:
• API String ID: 3288985973-0
APIs
• __Init_thread_footer.LIBCMT ref: 00E717F6
Strings
Memory Dump Source
• Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
Similarity
• API ID: Init_thread_footer
• String ID: CALL
• API String ID: 1385522511-4196123274
APIs
• GetOpenFileNameW.COMDLG32(?), ref: 00EA2C8C
  • Part of subcall function 00E63AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00E63A97,?,?,00E62E7F,?,?,?,00000000), ref: 00E63AC2
  • Part of subcall function 00E62DA5: GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 00E62DC4
Strings
Memory Dump Source
• Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
Similarity
• API ID: Name$Path$FileFullLongOpen
• String ID: X
• API String ID: 779396738-3081909835
APIs
• Shell_NotifyIconW.SHELL32(00000000,?), ref: 00E63908
Memory Dump Source
• Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
Similarity
• API ID: IconNotifyShell_
• String ID:
• API String ID: 1144537725-0
                                                                                                                                                                                                                                                      • Opcode ID: f5522605353eeb4c5eec2e81ee137310d925c16a5c2baa75ff278e3026391899
                                                                                                                                                                                                                                                      • Instruction ID: 9e65520ce96d5222c8b775e0c39679ba47090ce20ae8924674750bf22742d830
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f5522605353eeb4c5eec2e81ee137310d925c16a5c2baa75ff278e3026391899
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: BD31D5B05043018FD720DF34D8857D7BBE8FB49358F00092EF599A7280E771AA44CB52
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • timeGetTime.WINMM ref: 00E7F661
                                                                                                                                                                                                                                                        • Part of subcall function 00E6D730: GetInputState.USER32 ref: 00E6D807
                                                                                                                                                                                                                                                      • Sleep.KERNEL32(00000000), ref: 00EBF2DE
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: InputSleepStateTimetime
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 4149333218-0
                                                                                                                                                                                                                                                      • Opcode ID: 58b712a12dec4f540f87e53fe163443682432881aceaadca3d322cc32c254bf4
                                                                                                                                                                                                                                                      • Instruction ID: 0b76df242120dfad8f075735a5fd7d3eac386b9356cf78c4b37c98a9d4cb579d
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 58b712a12dec4f540f87e53fe163443682432881aceaadca3d322cc32c254bf4
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 60F082312802059FD310EF75E945BAAB7E9EF45760F10402AE85AE7360DB70A844CB91
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • __Init_thread_footer.LIBCMT ref: 00E6BB4E
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Init_thread_footer
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 1385522511-0
                                                                                                                                                                                                                                                      • Opcode ID: 5c4f39e6af1dbea96089bdfb286c7b6a036be1940292cdc2024108713ab04e77
                                                                                                                                                                                                                                                      • Instruction ID: 8f7e1023762b24ebe9c82d14b8ec37d12bcff59998bc5c8f06515a2f7447b6b7
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5c4f39e6af1dbea96089bdfb286c7b6a036be1940292cdc2024108713ab04e77
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D1329B30A402099FDB24CF58D894AFFB7F9EF44398F18A059E905BB261D774AD81CB91
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 00E64E90: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00E64EDD,?,00F31418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00E64E9C
                                                                                                                                                                                                                                                        • Part of subcall function 00E64E90: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00E64EAE
                                                                                                                                                                                                                                                        • Part of subcall function 00E64E90: FreeLibrary.KERNEL32(00000000,?,?,00E64EDD,?,00F31418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00E64EC0
                                                                                                                                                                                                                                                      • LoadLibraryExW.KERNEL32(?,00000000,00000002,?,00F31418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00E64EFD
                                                                                                                                                                                                                                                        • Part of subcall function 00E64E59: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00EA3CDE,?,00F31418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00E64E62
                                                                                                                                                                                                                                                        • Part of subcall function 00E64E59: GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00E64E74
                                                                                                                                                                                                                                                        • Part of subcall function 00E64E59: FreeLibrary.KERNEL32(00000000,?,?,00EA3CDE,?,00F31418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00E64E87
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Library$Load$AddressFreeProc
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 2632591731-0
                                                                                                                                                                                                                                                      • Opcode ID: 2c6d6eb586b4f51a3736e3e833af5e1d1b821be7f130905608207e4da11f037e
                                                                                                                                                                                                                                                      • Instruction ID: 94fc307032614b0a6caa0deac7f6a3e9c9087209442abb67b148e2e44c7a570e
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2c6d6eb586b4f51a3736e3e833af5e1d1b821be7f130905608207e4da11f037e
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A8112372780305AACB15BB70EC02FAD77E4AF54790F20A42EF542BA1C1EE71AA059790
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: __wsopen_s
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3347428461-0
                                                                                                                                                                                                                                                      • Opcode ID: 3efc5d9aa73374b20e59d4146ec217bec9bf2b2c7928ce2b456d946b5c7c8a81
                                                                                                                                                                                                                                                      • Instruction ID: b7cc17255eb1b3bf0bf0d3536907ba0d6dae5b00f20b8196cff19733bdf245f2
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3efc5d9aa73374b20e59d4146ec217bec9bf2b2c7928ce2b456d946b5c7c8a81
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2A11187590410AAFCF05DF58E9419DE7BF5EF49314F104069F818AB312DA31EA11CBA5
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 00E94C7D: RtlAllocateHeap.NTDLL(00000008,00E61129,00000000,?,00E92E29,00000001,00000364,?,?,?,00E8F2DE,00E93863,00F31444,?,00E7FDF5,?), ref: 00E94CBE
                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00E9506C
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: AllocateHeap_free
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 614378929-0
                                                                                                                                                                                                                                                      • Opcode ID: 9ba45ce058d1080761d5af908226540236078fd1fc19e2e0238d0ad147f07c6e
                                                                                                                                                                                                                                                      • Instruction ID: cf5b756c62c1774f3922d62c0a171396af5755aac5b48c6a64975fd0ff220e34
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9ba45ce058d1080761d5af908226540236078fd1fc19e2e0238d0ad147f07c6e
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D9014E732047056BEB32CF65D84195AFBECFB85370F25061DE594A32C0E6306905C7B4
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                      • Opcode ID: d6c69ec2a70ac845cc05b5f137181c3f07394ab8b33ef369e8c7ef627d5c9574
                                                                                                                                                                                                                                                      • Instruction ID: 916079a87ceafdeab4c5b2a1e0eddd43a6289c5a531f8de33bab7d4ad9100dec
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d6c69ec2a70ac845cc05b5f137181c3f07394ab8b33ef369e8c7ef627d5c9574
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 67F02832510A14AADF313A698C05B9A33D89F92334F142719F52DB33E2EB70D80297A5
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • RtlAllocateHeap.NTDLL(00000008,00E61129,00000000,?,00E92E29,00000001,00000364,?,?,?,00E8F2DE,00E93863,00F31444,?,00E7FDF5,?), ref: 00E94CBE
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: AllocateHeap
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 1279760036-0
                                                                                                                                                                                                                                                      • Opcode ID: 4d04f65f3b6cf8d0f209061b1e8e8bd11aac40a26d7dcc2707f55c94678e9b8d
                                                                                                                                                                                                                                                      • Instruction ID: 5f384a5d139d4e48c41818c38d27d4dbced28a17ffbfe33679f15ae30332f666
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4d04f65f3b6cf8d0f209061b1e8e8bd11aac40a26d7dcc2707f55c94678e9b8d
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E3F0B4B16022246EFF216F629C05F9AB7C8BF417A5B286215B81DBA1D0CA30D80286A0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • RtlAllocateHeap.NTDLL(00000000,?,00F31444,?,00E7FDF5,?,?,00E6A976,00000010,00F31440,00E613FC,?,00E613C6,?,00E61129), ref: 00E93852
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: AllocateHeap
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 1279760036-0
                                                                                                                                                                                                                                                      • Opcode ID: 3d8931f84fb543e10135f6dd74ca432f9014297103b9c1a2ac9ff3d0323240c5
                                                                                                                                                                                                                                                      • Instruction ID: 35c66326fbdca0c7431b951a519bfbb3aa920fb000f67003cef3ac0f95a3d7eb
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3d8931f84fb543e10135f6dd74ca432f9014297103b9c1a2ac9ff3d0323240c5
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 83E0E53110122956DE3536779C04BDA36C9AF427B8F152221BC09B69D0CB10DD0192E0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • FreeLibrary.KERNEL32(?,?,00F31418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00E64F6D
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: FreeLibrary
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3664257935-0
                                                                                                                                                                                                                                                      • Opcode ID: 19fe29fcb2c9596cd6cc5928184600bb2f8deff033bf91768471c114aae89dd0
                                                                                                                                                                                                                                                      • Instruction ID: c9cfe92fc7e0d4fa623fe0257eeb84b24da28eb8ec34d448fcc66fdb02bffa4f
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 19fe29fcb2c9596cd6cc5928184600bb2f8deff033bf91768471c114aae89dd0
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8EF030B1245751CFDB389F64E490862B7F4BF14359320A97EE1DAA2652C7319848DF10
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • IsWindow.USER32(00000000), ref: 00EF2A66
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Window
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 2353593579-0
                                                                                                                                                                                                                                                      • Opcode ID: b6fef06edc21edffe766d858934b2feae265b88bf8fdde8aa62f27f30927174c
                                                                                                                                                                                                                                                      • Instruction ID: e4f2b36341501a7e02035652e3a4737ef6584017db0c5042e3be3d6262ca66b5
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b6fef06edc21edffe766d858934b2feae265b88bf8fdde8aa62f27f30927174c
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: AEE04F7635451AAAC714EE30ED809FA739CEB50395710553EAE1AE2140EB309A96D6A0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • Shell_NotifyIconW.SHELL32(00000002,?), ref: 00E6314E
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: IconNotifyShell_
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 1144537725-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 00E62DC4
                                                                                                                                                                                                                                                        • Part of subcall function 00E66B57: _wcslen.LIBCMT ref: 00E66B6A
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: LongNamePath_wcslen
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 541455249-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 00E63837: Shell_NotifyIconW.SHELL32(00000000,?), ref: 00E63908
                                                                                                                                                                                                                                                        • Part of subcall function 00E6D730: GetInputState.USER32 ref: 00E6D807
                                                                                                                                                                                                                                                      • SetCurrentDirectoryW.KERNEL32(?), ref: 00E62B6B
                                                                                                                                                                                                                                                        • Part of subcall function 00E630F2: Shell_NotifyIconW.SHELL32(00000002,?), ref: 00E6314E
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: IconNotifyShell_$CurrentDirectoryInputState
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3667716007-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • CreateFileW.KERNELBASE(00000000,00000000,?,00EA0704,?,?,00000000,?,00EA0704,00000000,0000000C), ref: 00EA03B7
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: CreateFile
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 823142352-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • SystemParametersInfoW.USER32(00002001,00000000,00000002), ref: 00E61CBC
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: InfoParametersSystem
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3098949447-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 00E79BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00E79BB2
                                                                                                                                                                                                                                                      • DefDlgProcW.USER32(?,0000004E,?,?,?,?,?,?), ref: 00EF961A
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 00EF965B
                                                                                                                                                                                                                                                      • GetWindowLongW.USER32(FFFFFDD9,000000F0), ref: 00EF969F
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00EF96C9
                                                                                                                                                                                                                                                      • SendMessageW.USER32 ref: 00EF96F2
                                                                                                                                                                                                                                                      • GetKeyState.USER32(00000011), ref: 00EF978B
                                                                                                                                                                                                                                                      • GetKeyState.USER32(00000009), ref: 00EF9798
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 00EF97AE
                                                                                                                                                                                                                                                      • GetKeyState.USER32(00000010), ref: 00EF97B8
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00EF97E9
                                                                                                                                                                                                                                                      • SendMessageW.USER32 ref: 00EF9810
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001030,?,00EF7E95), ref: 00EF9918
                                                                                                                                                                                                                                                      • ImageList_SetDragCursorImage.COMCTL32(00000000,00000000,00000000,?,?,?), ref: 00EF992E
                                                                                                                                                                                                                                                      • ImageList_BeginDrag.COMCTL32(00000000,000000F8,000000F0), ref: 00EF9941
                                                                                                                                                                                                                                                      • SetCapture.USER32(?), ref: 00EF994A
                                                                                                                                                                                                                                                      • ClientToScreen.USER32(?,?), ref: 00EF99AF
                                                                                                                                                                                                                                                      • ImageList_DragEnter.COMCTL32(00000000,?,?), ref: 00EF99BC
                                                                                                                                                                                                                                                      • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 00EF99D6
                                                                                                                                                                                                                                                      • ReleaseCapture.USER32 ref: 00EF99E1
                                                                                                                                                                                                                                                      • GetCursorPos.USER32(?), ref: 00EF9A19
                                                                                                                                                                                                                                                      • ScreenToClient.USER32(?,?), ref: 00EF9A26
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001012,00000000,?), ref: 00EF9A80
                                                                                                                                                                                                                                                      • SendMessageW.USER32 ref: 00EF9AAE
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001111,00000000,?), ref: 00EF9AEB
                                                                                                                                                                                                                                                      • SendMessageW.USER32 ref: 00EF9B1A
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 00EF9B3B
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000110B,00000009,?), ref: 00EF9B4A
                                                                                                                                                                                                                                                      • GetCursorPos.USER32(?), ref: 00EF9B68
                                                                                                                                                                                                                                                      • ScreenToClient.USER32(?,?), ref: 00EF9B75
                                                                                                                                                                                                                                                      • GetParent.USER32(?), ref: 00EF9B93
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001012,00000000,?), ref: 00EF9BFA
                                                                                                                                                                                                                                                      • SendMessageW.USER32 ref: 00EF9C2B
                                                                                                                                                                                                                                                      • ClientToScreen.USER32(?,?), ref: 00EF9C84
                                                                                                                                                                                                                                                      • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 00EF9CB4
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001111,00000000,?), ref: 00EF9CDE
                                                                                                                                                                                                                                                      • SendMessageW.USER32 ref: 00EF9D01
                                                                                                                                                                                                                                                      • ClientToScreen.USER32(?,?), ref: 00EF9D4E
                                                                                                                                                                                                                                                      • TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 00EF9D82
                                                                                                                                                                                                                                                        • Part of subcall function 00E79944: GetWindowLongW.USER32(?,000000EB), ref: 00E79952
                                                                                                                                                                                                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 00EF9E05
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
• Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: MessageSend$ClientScreen$ImageLongWindow$CursorDragList_State$CaptureMenuPopupTrack$BeginEnterInvalidateParentProcRectRelease
                                                                                                                                                                                                                                                      • String ID: @GUI_DRAGID$F
                                                                                                                                                                                                                                                      • API String ID: 3429851547-4164748364
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000408,00000000,00000000), ref: 00EF48F3
                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000188,00000000,00000000), ref: 00EF4908
                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,0000018A,00000000,00000000), ref: 00EF4927
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000148,00000000,00000000), ref: 00EF494B
                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000147,00000000,00000000), ref: 00EF495C
                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000149,00000000,00000000), ref: 00EF497B
                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,0000130B,00000000,00000000), ref: 00EF49AE
                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,0000133C,00000000,?), ref: 00EF49D4
                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,0000110A,00000009,00000000), ref: 00EF4A0F
                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00EF4A56
                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00EF4A7E
                                                                                                                                                                                                                                                      • IsMenu.USER32(?), ref: 00EF4A97
                                                                                                                                                                                                                                                      • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00EF4AF2
                                                                                                                                                                                                                                                      • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00EF4B20
                                                                                                                                                                                                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 00EF4B94
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000113E,00000000,00000008), ref: 00EF4BE3
                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00001001,00000000,?), ref: 00EF4C82
                                                                                                                                                                                                                                                      • wsprintfW.USER32 ref: 00EF4CAE
                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00EF4CC9
                                                                                                                                                                                                                                                      • GetWindowTextW.USER32(?,00000000,00000001), ref: 00EF4CF1
                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 00EF4D13
                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00EF4D33
                                                                                                                                                                                                                                                      • GetWindowTextW.USER32(?,00000000,00000001), ref: 00EF4D5A
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
• Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: MessageSend$MenuWindow$InfoItemText$Longwsprintf
                                                                                                                                                                                                                                                      • String ID: %d/%02d/%02d
                                                                                                                                                                                                                                                      • API String ID: 4054740463-328681919
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • GetForegroundWindow.USER32(00000000,00000000,00000000), ref: 00E7F998
                                                                                                                                                                                                                                                      • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00EBF474
                                                                                                                                                                                                                                                      • IsIconic.USER32(00000000), ref: 00EBF47D
                                                                                                                                                                                                                                                      • ShowWindow.USER32(00000000,00000009), ref: 00EBF48A
                                                                                                                                                                                                                                                      • SetForegroundWindow.USER32(00000000), ref: 00EBF494
                                                                                                                                                                                                                                                      • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00EBF4AA
                                                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 00EBF4B1
                                                                                                                                                                                                                                                      • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00EBF4BD
                                                                                                                                                                                                                                                      • AttachThreadInput.USER32(?,00000000,00000001), ref: 00EBF4CE
                                                                                                                                                                                                                                                      • AttachThreadInput.USER32(?,00000000,00000001), ref: 00EBF4D6
                                                                                                                                                                                                                                                      • AttachThreadInput.USER32(00000000,000000FF,00000001), ref: 00EBF4DE
                                                                                                                                                                                                                                                      • SetForegroundWindow.USER32(00000000), ref: 00EBF4E1
                                                                                                                                                                                                                                                      • MapVirtualKeyW.USER32(00000012,00000000), ref: 00EBF4F6
                                                                                                                                                                                                                                                      • keybd_event.USER32(00000012,00000000), ref: 00EBF501
                                                                                                                                                                                                                                                      • MapVirtualKeyW.USER32(00000012,00000000), ref: 00EBF50B
                                                                                                                                                                                                                                                      • keybd_event.USER32(00000012,00000000), ref: 00EBF510
                                                                                                                                                                                                                                                      • MapVirtualKeyW.USER32(00000012,00000000), ref: 00EBF519
                                                                                                                                                                                                                                                      • keybd_event.USER32(00000012,00000000), ref: 00EBF51E
                                                                                                                                                                                                                                                      • MapVirtualKeyW.USER32(00000012,00000000), ref: 00EBF528
                                                                                                                                                                                                                                                      • keybd_event.USER32(00000012,00000000), ref: 00EBF52D
                                                                                                                                                                                                                                                      • SetForegroundWindow.USER32(00000000), ref: 00EBF530
                                                                                                                                                                                                                                                      • AttachThreadInput.USER32(?,000000FF,00000000), ref: 00EBF557
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
• Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
                                                                                                                                                                                                                                                      • String ID: Shell_TrayWnd
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 00EC16C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00EC170D
                                                                                                                                                                                                                                                        • Part of subcall function 00EC16C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00EC173A
                                                                                                                                                                                                                                                        • Part of subcall function 00EC16C3: GetLastError.KERNEL32 ref: 00EC174A
                                                                                                                                                                                                                                                      • LogonUserW.ADVAPI32(?,?,?,00000000,00000000,?), ref: 00EC1286
                                                                                                                                                                                                                                                      • DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 00EC12A8
                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 00EC12B9
                                                                                                                                                                                                                                                      • OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 00EC12D1
                                                                                                                                                                                                                                                      • GetProcessWindowStation.USER32 ref: 00EC12EA
                                                                                                                                                                                                                                                      • SetProcessWindowStation.USER32(00000000), ref: 00EC12F4
                                                                                                                                                                                                                                                      • OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 00EC1310
                                                                                                                                                                                                                                                        • Part of subcall function 00EC10BF: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00EC11FC), ref: 00EC10D4
                                                                                                                                                                                                                                                        • Part of subcall function 00EC10BF: CloseHandle.KERNEL32(?,?,00EC11FC), ref: 00EC10E9
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLogonLookupPrivilegeUserValue
                                                                                                                                                                                                                                                      • String ID: $default$winsta0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 00EC10F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00EC1114
                                                                                                                                                                                                                                                        • Part of subcall function 00EC10F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00EC0B9B,?,?,?), ref: 00EC1120
                                                                                                                                                                                                                                                        • Part of subcall function 00EC10F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00EC0B9B,?,?,?), ref: 00EC112F
                                                                                                                                                                                                                                                        • Part of subcall function 00EC10F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00EC0B9B,?,?,?), ref: 00EC1136
                                                                                                                                                                                                                                                        • Part of subcall function 00EC10F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00EC114D
                                                                                                                                                                                                                                                      • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00EC0BCC
                                                                                                                                                                                                                                                      • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00EC0C00
                                                                                                                                                                                                                                                      • GetLengthSid.ADVAPI32(?), ref: 00EC0C17
                                                                                                                                                                                                                                                      • GetAce.ADVAPI32(?,00000000,?), ref: 00EC0C51
                                                                                                                                                                                                                                                      • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00EC0C6D
                                                                                                                                                                                                                                                      • GetLengthSid.ADVAPI32(?), ref: 00EC0C84
                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000008,00000008), ref: 00EC0C8C
                                                                                                                                                                                                                                                      • HeapAlloc.KERNEL32(00000000), ref: 00EC0C93
                                                                                                                                                                                                                                                      • GetLengthSid.ADVAPI32(?,00000008,?), ref: 00EC0CB4
                                                                                                                                                                                                                                                      • CopySid.ADVAPI32(00000000), ref: 00EC0CBB
                                                                                                                                                                                                                                                      • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00EC0CEA
                                                                                                                                                                                                                                                      • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00EC0D0C
                                                                                                                                                                                                                                                      • SetUserObjectSecurity.USER32(?,00000004,?), ref: 00EC0D1E
                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00EC0D45
                                                                                                                                                                                                                                                      • HeapFree.KERNEL32(00000000), ref: 00EC0D4C
                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00EC0D55
                                                                                                                                                                                                                                                      • HeapFree.KERNEL32(00000000), ref: 00EC0D5C
                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00EC0D65
                                                                                                                                                                                                                                                      • HeapFree.KERNEL32(00000000), ref: 00EC0D6C
                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000000,?), ref: 00EC0D78
                                                                                                                                                                                                                                                      • HeapFree.KERNEL32(00000000), ref: 00EC0D7F
                                                                                                                                                                                                                                                        • Part of subcall function 00EC1193: GetProcessHeap.KERNEL32(00000008,00EC0BB1,?,00000000,?,00EC0BB1,?), ref: 00EC11A1
                                                                                                                                                                                                                                                        • Part of subcall function 00EC1193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00EC0BB1,?), ref: 00EC11A8
                                                                                                                                                                                                                                                        • Part of subcall function 00EC1193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00EC0BB1,?), ref: 00EC11B7
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 4175595110-0
                                                                                                                                                                                                                                                      • Opcode ID: 35b1bbb922e3445ce29190c76a5fc97c87b0fb73118c483f1f4bf1ba1febfa12
                                                                                                                                                                                                                                                      • Instruction ID: bd579a6c8e601698983cd62858e72b8bbf1c83855da41e53b41320807446433e
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 35b1bbb922e3445ce29190c76a5fc97c87b0fb73118c483f1f4bf1ba1febfa12
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B3719D7190020AEFDF10DFA5DE44FAEBBB8BF44704F244519E915B6291D772A906CB60
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • OpenClipboard.USER32(00EFCC08), ref: 00EDEB29
                                                                                                                                                                                                                                                      • IsClipboardFormatAvailable.USER32(0000000D), ref: 00EDEB37
                                                                                                                                                                                                                                                      • GetClipboardData.USER32(0000000D), ref: 00EDEB43
                                                                                                                                                                                                                                                      • CloseClipboard.USER32 ref: 00EDEB4F
                                                                                                                                                                                                                                                      • GlobalLock.KERNEL32(00000000), ref: 00EDEB87
                                                                                                                                                                                                                                                      • CloseClipboard.USER32 ref: 00EDEB91
                                                                                                                                                                                                                                                      • GlobalUnlock.KERNEL32(00000000), ref: 00EDEBBC
                                                                                                                                                                                                                                                      • IsClipboardFormatAvailable.USER32(00000001), ref: 00EDEBC9
                                                                                                                                                                                                                                                      • GetClipboardData.USER32(00000001), ref: 00EDEBD1
                                                                                                                                                                                                                                                      • GlobalLock.KERNEL32(00000000), ref: 00EDEBE2
                                                                                                                                                                                                                                                      • GlobalUnlock.KERNEL32(00000000), ref: 00EDEC22
                                                                                                                                                                                                                                                      • IsClipboardFormatAvailable.USER32(0000000F), ref: 00EDEC38
                                                                                                                                                                                                                                                      • GetClipboardData.USER32(0000000F), ref: 00EDEC44
                                                                                                                                                                                                                                                      • GlobalLock.KERNEL32(00000000), ref: 00EDEC55
                                                                                                                                                                                                                                                      • DragQueryFileW.SHELL32(00000000,000000FF,00000000,00000000), ref: 00EDEC77
                                                                                                                                                                                                                                                      • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 00EDEC94
                                                                                                                                                                                                                                                      • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 00EDECD2
                                                                                                                                                                                                                                                      • GlobalUnlock.KERNEL32(00000000), ref: 00EDECF3
                                                                                                                                                                                                                                                      • CountClipboardFormats.USER32 ref: 00EDED14
                                                                                                                                                                                                                                                      • CloseClipboard.USER32 ref: 00EDED59
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Clipboard$Global$AvailableCloseDataDragFileFormatLockQueryUnlock$CountFormatsOpen
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 420908878-0
                                                                                                                                                                                                                                                      • Opcode ID: 70296211c3921224e58d6f0f5654c5e16e8de7323536e7fe137dd7fec0f4aac5
                                                                                                                                                                                                                                                      • Instruction ID: 5b499ab15cf871314e96f5145b97aabaf052721469c1371cf2e3d36adefa5bd1
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 70296211c3921224e58d6f0f5654c5e16e8de7323536e7fe137dd7fec0f4aac5
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E061C2342042059FD310EF20D988F7A77E4EF84758F24655AF456BB3A2CB31E90ACB62
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • FindFirstFileW.KERNEL32(?,?), ref: 00ED69BE
                                                                                                                                                                                                                                                      • FindClose.KERNEL32(00000000), ref: 00ED6A12
                                                                                                                                                                                                                                                      • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00ED6A4E
                                                                                                                                                                                                                                                      • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00ED6A75
                                                                                                                                                                                                                                                        • Part of subcall function 00E69CB3: _wcslen.LIBCMT ref: 00E69CBD
                                                                                                                                                                                                                                                      • FileTimeToSystemTime.KERNEL32(?,?), ref: 00ED6AB2
                                                                                                                                                                                                                                                      • FileTimeToSystemTime.KERNEL32(?,?), ref: 00ED6ADF
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Time$File$FindLocalSystem$CloseFirst_wcslen
                                                                                                                                                                                                                                                      • String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
                                                                                                                                                                                                                                                      • API String ID: 3830820486-3289030164
                                                                                                                                                                                                                                                      • Opcode ID: 9c7f83aed65039da6abd7a25d79d0f153df71e9e38a9b9b9ba9af1eeff74460f
                                                                                                                                                                                                                                                      • Instruction ID: d83d89fd8ad352c8897410a359f09d8f452717c69a49e6992d26f6c74043a071
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9c7f83aed65039da6abd7a25d79d0f153df71e9e38a9b9b9ba9af1eeff74460f
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E3D17171548300AFC314EBA0D991EABB7ECEF88704F04591EF585E7291EB74DA48CB62
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 00ED9663
                                                                                                                                                                                                                                                      • GetFileAttributesW.KERNEL32(?), ref: 00ED96A1
                                                                                                                                                                                                                                                      • SetFileAttributesW.KERNEL32(?,?), ref: 00ED96BB
                                                                                                                                                                                                                                                      • FindNextFileW.KERNEL32(00000000,?), ref: 00ED96D3
                                                                                                                                                                                                                                                      • FindClose.KERNEL32(00000000), ref: 00ED96DE
                                                                                                                                                                                                                                                      • FindFirstFileW.KERNEL32(*.*,?), ref: 00ED96FA
                                                                                                                                                                                                                                                      • SetCurrentDirectoryW.KERNEL32(?), ref: 00ED974A
                                                                                                                                                                                                                                                      • SetCurrentDirectoryW.KERNEL32(00F26B7C), ref: 00ED9768
                                                                                                                                                                                                                                                      • FindNextFileW.KERNEL32(00000000,00000010), ref: 00ED9772
                                                                                                                                                                                                                                                      • FindClose.KERNEL32(00000000), ref: 00ED977F
                                                                                                                                                                                                                                                      • FindClose.KERNEL32(00000000), ref: 00ED978F
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
                                                                                                                                                                                                                                                      • String ID: *.*
                                                                                                                                                                                                                                                      • API String ID: 1409584000-438819550
                                                                                                                                                                                                                                                      • Opcode ID: 503399fbfc1b1424c756a17525a94180ecad5232eaba34b12d177389602f435a
                                                                                                                                                                                                                                                      • Instruction ID: 9c9a45da746bc64b234a60b7f03072424e56b2701581a13d8ad218929a5ca438
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 503399fbfc1b1424c756a17525a94180ecad5232eaba34b12d177389602f435a
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E631CE3254161D6EDB14AFB5ED08AEE77ACEF89324F205197E814F22B1DB30DA49CB10
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 00ED97BE
                                                                                                                                                                                                                                                      • FindNextFileW.KERNEL32(00000000,?), ref: 00ED9819
                                                                                                                                                                                                                                                      • FindClose.KERNEL32(00000000), ref: 00ED9824
                                                                                                                                                                                                                                                      • FindFirstFileW.KERNEL32(*.*,?), ref: 00ED9840
                                                                                                                                                                                                                                                      • SetCurrentDirectoryW.KERNEL32(?), ref: 00ED9890
                                                                                                                                                                                                                                                      • SetCurrentDirectoryW.KERNEL32(00F26B7C), ref: 00ED98AE
                                                                                                                                                                                                                                                      • FindNextFileW.KERNEL32(00000000,00000010), ref: 00ED98B8
                                                                                                                                                                                                                                                      • FindClose.KERNEL32(00000000), ref: 00ED98C5
                                                                                                                                                                                                                                                      • FindClose.KERNEL32(00000000), ref: 00ED98D5
                                                                                                                                                                                                                                                        • Part of subcall function 00ECDAE5: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 00ECDB00
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
• Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
                                                                                                                                                                                                                                                      • String ID: *.*
                                                                                                                                                                                                                                                      • API String ID: 2640511053-438819550
                                                                                                                                                                                                                                                      • Opcode ID: 277a02959a7c7ed204cc38ea9e25527ca691aaa5b515914c9087ab89dca9a535
                                                                                                                                                                                                                                                      • Instruction ID: 7f4f68f794cd9501d26edad983df2ba26ab84846b18b12b59cfca28daf9711c0
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 277a02959a7c7ed204cc38ea9e25527ca691aaa5b515914c9087ab89dca9a535
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9031053654061D6EEF14AFB5EC48AEE73ACDF46724F205156E804F22B1DB31D94ADB20
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 00EEC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00EEB6AE,?,?), ref: 00EEC9B5
                                                                                                                                                                                                                                                        • Part of subcall function 00EEC998: _wcslen.LIBCMT ref: 00EEC9F1
                                                                                                                                                                                                                                                        • Part of subcall function 00EEC998: _wcslen.LIBCMT ref: 00EECA68
                                                                                                                                                                                                                                                        • Part of subcall function 00EEC998: _wcslen.LIBCMT ref: 00EECA9E
                                                                                                                                                                                                                                                      • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00EEBF3E
                                                                                                                                                                                                                                                      • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?), ref: 00EEBFA9
                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(00000000), ref: 00EEBFCD
                                                                                                                                                                                                                                                      • RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 00EEC02C
                                                                                                                                                                                                                                                      • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 00EEC0E7
                                                                                                                                                                                                                                                      • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 00EEC154
                                                                                                                                                                                                                                                      • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 00EEC1E9
                                                                                                                                                                                                                                                      • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,?,?,?,00000000), ref: 00EEC23A
                                                                                                                                                                                                                                                      • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 00EEC2E3
                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?,?,00000000), ref: 00EEC382
                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(00000000), ref: 00EEC38F
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
• Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: QueryValue$Close_wcslen$BuffCharConnectOpenRegistryUpper
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3102970594-0
                                                                                                                                                                                                                                                      • Opcode ID: e5ddf2d41375c78de5f92a6d66050a897f795d407c007a9db3607cef9c16307a
                                                                                                                                                                                                                                                      • Instruction ID: b613ddacb962c8f59dbb95b37bc95a2da25ec8ac8f714ac105fcb6b5565d9ef1
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e5ddf2d41375c78de5f92a6d66050a897f795d407c007a9db3607cef9c16307a
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B50282716042449FC714CF25C895E2AB7E5EF89318F28D49DF84AEB2A2DB31EC46CB51
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • GetLocalTime.KERNEL32(?), ref: 00ED8257
                                                                                                                                                                                                                                                      • SystemTimeToFileTime.KERNEL32(?,?), ref: 00ED8267
                                                                                                                                                                                                                                                      • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00ED8273
                                                                                                                                                                                                                                                      • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00ED8310
                                                                                                                                                                                                                                                      • SetCurrentDirectoryW.KERNEL32(?), ref: 00ED8324
                                                                                                                                                                                                                                                      • SetCurrentDirectoryW.KERNEL32(?), ref: 00ED8356
                                                                                                                                                                                                                                                      • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 00ED838C
                                                                                                                                                                                                                                                      • SetCurrentDirectoryW.KERNEL32(?), ref: 00ED8395
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
• Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: CurrentDirectoryTime$File$Local$System
                                                                                                                                                                                                                                                      • String ID: *.*
                                                                                                                                                                                                                                                      • API String ID: 1464919966-438819550
                                                                                                                                                                                                                                                      • Opcode ID: 6ee72774031b538e8eb6960cc3245fc44467ce40144a49db6d134651e35db95c
                                                                                                                                                                                                                                                      • Instruction ID: e46ec1deee45e6d6c7807630c0661fd3047cff56f37f55298a7a9224550817eb
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6ee72774031b538e8eb6960cc3245fc44467ce40144a49db6d134651e35db95c
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: DA618C725043459FC710EF60D9409AEB3E8FF89314F14591EF989E7261EB31E94ACB92
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 00E63AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00E63A97,?,?,00E62E7F,?,?,?,00000000), ref: 00E63AC2
                                                                                                                                                                                                                                                        • Part of subcall function 00ECE199: GetFileAttributesW.KERNEL32(?,00ECCF95), ref: 00ECE19A
                                                                                                                                                                                                                                                      • FindFirstFileW.KERNEL32(?,?), ref: 00ECD122
                                                                                                                                                                                                                                                      • DeleteFileW.KERNEL32(?,?,?,?,?,00000000,?,?,?), ref: 00ECD1DD
                                                                                                                                                                                                                                                      • MoveFileW.KERNEL32(?,?), ref: 00ECD1F0
                                                                                                                                                                                                                                                      • DeleteFileW.KERNEL32(?,?,?,?), ref: 00ECD20D
                                                                                                                                                                                                                                                      • FindNextFileW.KERNEL32(00000000,00000010), ref: 00ECD237
                                                                                                                                                                                                                                                        • Part of subcall function 00ECD29C: CopyFileExW.KERNEL32(?,?,00000000,00000000,00000000,00000008,?,?,00ECD21C,?,?), ref: 00ECD2B2
                                                                                                                                                                                                                                                      • FindClose.KERNEL32(00000000,?,?,?), ref: 00ECD253
                                                                                                                                                                                                                                                      • FindClose.KERNEL32(00000000), ref: 00ECD264
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: File$Find$CloseDelete$AttributesCopyFirstFullMoveNameNextPath
                                                                                                                                                                                                                                                      • String ID: \*.*
                                                                                                                                                                                                                                                      • API String ID: 1946585618-1173974218
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Clipboard$AllocCloseEmptyGlobalOpen
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 1737998785-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 00EC16C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00EC170D
                                                                                                                                                                                                                                                        • Part of subcall function 00EC16C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00EC173A
                                                                                                                                                                                                                                                        • Part of subcall function 00EC16C3: GetLastError.KERNEL32 ref: 00EC174A
                                                                                                                                                                                                                                                      • ExitWindowsEx.USER32(?,00000000), ref: 00ECE932
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
                                                                                                                                                                                                                                                      • String ID: $ $@$SeShutdownPrivilege
                                                                                                                                                                                                                                                      • API String ID: 2234035333-3163812486
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • socket.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 00EE1276
                                                                                                                                                                                                                                                      • WSAGetLastError.WSOCK32 ref: 00EE1283
                                                                                                                                                                                                                                                      • bind.WSOCK32(00000000,?,00000010), ref: 00EE12BA
                                                                                                                                                                                                                                                      • WSAGetLastError.WSOCK32 ref: 00EE12C5
                                                                                                                                                                                                                                                      • closesocket.WSOCK32(00000000), ref: 00EE12F4
                                                                                                                                                                                                                                                      • listen.WSOCK32(00000000,00000005), ref: 00EE1303
                                                                                                                                                                                                                                                      • WSAGetLastError.WSOCK32 ref: 00EE130D
                                                                                                                                                                                                                                                      • closesocket.WSOCK32(00000000), ref: 00EE133C
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: ErrorLast$closesocket$bindlistensocket
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 540024437-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 00E63AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00E63A97,?,?,00E62E7F,?,?,?,00000000), ref: 00E63AC2
                                                                                                                                                                                                                                                        • Part of subcall function 00ECE199: GetFileAttributesW.KERNEL32(?,00ECCF95), ref: 00ECE19A
                                                                                                                                                                                                                                                      • FindFirstFileW.KERNEL32(?,?), ref: 00ECD420
                                                                                                                                                                                                                                                      • DeleteFileW.KERNEL32(?,?,?,?), ref: 00ECD470
                                                                                                                                                                                                                                                      • FindNextFileW.KERNEL32(00000000,00000010), ref: 00ECD481
                                                                                                                                                                                                                                                      • FindClose.KERNEL32(00000000), ref: 00ECD498
                                                                                                                                                                                                                                                      • FindClose.KERNEL32(00000000), ref: 00ECD4A1
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
                                                                                                                                                                                                                                                      • String ID: \*.*
                                                                                                                                                                                                                                                      • API String ID: 2649000838-1173974218
                                                                                                                                                                                                                                                      • Opcode ID: 297a312d8bd4ce4a2e014995aaafbb775de758b025085c382187f164ad80b0c2
                                                                                                                                                                                                                                                      • Instruction ID: 9ae7c7b2eb29c9b72e9071379cdecd4b05d7a18908d863684d940e600e50e449
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 297a312d8bd4ce4a2e014995aaafbb775de758b025085c382187f164ad80b0c2
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D131AF3104C3449FC204EF60E9519AF77E8BE91354F546A2DF4E5A31A1EB31AA09CB63
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: __floor_pentium4
                                                                                                                                                                                                                                                      • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                                                                                                      • API String ID: 4168288129-2761157908
                                                                                                                                                                                                                                                      • Opcode ID: df56a21f5a5ed9001b4b0b4d21d0f5912a4ae071d73c6d2b4497a7be028b05ca
                                                                                                                                                                                                                                                      • Instruction ID: 6e793025c89693e794410ee799189f369a7ab0646b3a378477c2fec2f4e9e4c9
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: df56a21f5a5ed9001b4b0b4d21d0f5912a4ae071d73c6d2b4497a7be028b05ca
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2DC23871E086288FDF29CE289D407EAB7B5EB48309F1551EAD94DF7241E774AE818F40
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 00ED64DC
                                                                                                                                                                                                                                                      • CoInitialize.OLE32(00000000), ref: 00ED6639
                                                                                                                                                                                                                                                      • CoCreateInstance.OLE32(00EFFCF8,00000000,00000001,00EFFB68,?), ref: 00ED6650
                                                                                                                                                                                                                                                      • CoUninitialize.OLE32 ref: 00ED68D4
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: CreateInitializeInstanceUninitialize_wcslen
                                                                                                                                                                                                                                                      • String ID: .lnk
                                                                                                                                                                                                                                                      • API String ID: 886957087-24824748
                                                                                                                                                                                                                                                      • Opcode ID: 46ba3d199a09601027e5286b1a6469659e7f7712cc03eaa8924597c0304b35ca
                                                                                                                                                                                                                                                      • Instruction ID: 2581eb9f3b12fbf7ad887d3fac529a81aaa61f3f56ce4ffa1f700685bf62d3b0
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 46ba3d199a09601027e5286b1a6469659e7f7712cc03eaa8924597c0304b35ca
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 63D18B71608301AFC304EF24D88196BB7E8FF94748F10592DF595AB292DB71ED46CB92
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • GetForegroundWindow.USER32(?,?,00000000), ref: 00EE22E8
                                                                                                                                                                                                                                                        • Part of subcall function 00EDE4EC: GetWindowRect.USER32(?,?), ref: 00EDE504
                                                                                                                                                                                                                                                      • GetDesktopWindow.USER32 ref: 00EE2312
                                                                                                                                                                                                                                                      • GetWindowRect.USER32(00000000), ref: 00EE2319
                                                                                                                                                                                                                                                      • mouse_event.USER32(00008001,?,?,00000002,00000002), ref: 00EE2355
                                                                                                                                                                                                                                                      • GetCursorPos.USER32(?), ref: 00EE2381
                                                                                                                                                                                                                                                      • mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 00EE23DF
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Window$Rectmouse_event$CursorDesktopForeground
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 2387181109-0
                                                                                                                                                                                                                                                      • Opcode ID: ecede23a6e6bef002a918b8a757a544159bd5e76daea17eaa0edbe14160eb041
                                                                                                                                                                                                                                                      • Instruction ID: 0f40470f9505d2ff9879f3a5f3b097ebfb15ab0b6d45ab52cea7134872a72ca6
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ecede23a6e6bef002a918b8a757a544159bd5e76daea17eaa0edbe14160eb041
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6531DE7210434AAFCB20DF16C808B6BB7AAFB84714F10191DF984A7281DA34E909CB92
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 00E69CB3: _wcslen.LIBCMT ref: 00E69CBD
                                                                                                                                                                                                                                                      • FindFirstFileW.KERNEL32(00000001,?,*.*,?,?,00000000,00000000), ref: 00ED9B78
                                                                                                                                                                                                                                                      • FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 00ED9C8B
                                                                                                                                                                                                                                                        • Part of subcall function 00ED3874: GetInputState.USER32 ref: 00ED38CB
                                                                                                                                                                                                                                                        • Part of subcall function 00ED3874: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00ED3966
                                                                                                                                                                                                                                                      • Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 00ED9BA8
                                                                                                                                                                                                                                                      • FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 00ED9C75
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Find$File$CloseFirstInputMessageNextPeekSleepState_wcslen
                                                                                                                                                                                                                                                      • String ID: *.*
                                                                                                                                                                                                                                                      • API String ID: 1972594611-438819550
                                                                                                                                                                                                                                                      • Opcode ID: cb22d561c5b7e88e14d71534516b9c444328cff45ec0cfa637602ac71c9e3f94
                                                                                                                                                                                                                                                      • Instruction ID: 1d02f7b0832c072b47da6ab6cd23ae33523febfb1b70bd486291f4e087671d46
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: cb22d561c5b7e88e14d71534516b9c444328cff45ec0cfa637602ac71c9e3f94
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D6416D7194020AAFCF14DF64DD45AEEBBF8EF45354F245056E405B22A2EB309E45CF61
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 00E79BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00E79BB2
                                                                                                                                                                                                                                                      • DefDlgProcW.USER32(?,?,?,?,?), ref: 00E79A4E
                                                                                                                                                                                                                                                      • GetSysColor.USER32(0000000F), ref: 00E79B23
                                                                                                                                                                                                                                                      • SetBkColor.GDI32(?,00000000), ref: 00E79B36
                                                                                                                                                                                                                                                      Memory Dump Source
• Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
• Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Color$LongProcWindow
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3131106179-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 00EE304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00EE307A
                                                                                                                                                                                                                                                        • Part of subcall function 00EE304E: _wcslen.LIBCMT ref: 00EE309B
                                                                                                                                                                                                                                                      • socket.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 00EE185D
                                                                                                                                                                                                                                                      • WSAGetLastError.WSOCK32 ref: 00EE1884
                                                                                                                                                                                                                                                      • bind.WSOCK32(00000000,?,00000010), ref: 00EE18DB
                                                                                                                                                                                                                                                      • WSAGetLastError.WSOCK32 ref: 00EE18E6
                                                                                                                                                                                                                                                      • closesocket.WSOCK32(00000000), ref: 00EE1915
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: ErrorLast$_wcslenbindclosesocketinet_addrsocket
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 1601658205-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Window$EnabledForegroundIconicVisibleZoomed
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 292994002-0
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                      • String ID: ERCP$VUUU$VUUU$VUUU$VUUU
                                                                                                                                                                                                                                                      • API String ID: 0-1546025612
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • GetKeyboardState.USER32(?,00000001,00000040,00000000), ref: 00ECAAAC
                                                                                                                                                                                                                                                      • SetKeyboardState.USER32(00000080), ref: 00ECAAC8
                                                                                                                                                                                                                                                      • PostMessageW.USER32(?,00000102,00000001,00000001), ref: 00ECAB36
                                                                                                                                                                                                                                                      • SendInput.USER32(00000001,?,0000001C,00000001,00000040,00000000), ref: 00ECAB88
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: KeyboardState$InputMessagePostSend
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 432972143-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00E9BB7F
                                                                                                                                                                                                                                                        • Part of subcall function 00E929C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00E9D7D1,00000000,00000000,00000000,00000000,?,00E9D7F8,00000000,00000007,00000000,?,00E9DBF5,00000000), ref: 00E929DE
                                                                                                                                                                                                                                                        • Part of subcall function 00E929C8: GetLastError.KERNEL32(00000000,?,00E9D7D1,00000000,00000000,00000000,00000000,?,00E9D7F8,00000000,00000007,00000000,?,00E9DBF5,00000000,00000000), ref: 00E929F0
                                                                                                                                                                                                                                                      • GetTimeZoneInformation.KERNEL32 ref: 00E9BB91
                                                                                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(00000000,?,00F3121C,000000FF,?,0000003F,?,?), ref: 00E9BC09
                                                                                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(00000000,?,00F31270,000000FF,?,0000003F,?,?,?,00F3121C,000000FF,?,0000003F,?,?), ref: 00E9BC36
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                       • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                       • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                       • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                       • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                       • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: ByteCharMultiWide$ErrorFreeHeapInformationLastTimeZone_free
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 806657224-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • InternetReadFile.WININET(?,?,00000400,?), ref: 00EDCE89
                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,00000000), ref: 00EDCEEA
                                                                                                                                                                                                                                                      • SetEvent.KERNEL32(?,?,00000000), ref: 00EDCEFE
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                       • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                       • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                       • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                       • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                       • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: ErrorEventFileInternetLastRead
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 234945975-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • lstrlenW.KERNEL32(?,?,?,00000000), ref: 00EC82AA
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                       • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                       • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                       • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                       • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                       • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: lstrlen
                                                                                                                                                                                                                                                      • String ID: ($|
                                                                                                                                                                                                                                                      • API String ID: 1659193697-1631851259
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • FindFirstFileW.KERNEL32(?,?), ref: 00ED5CC1
                                                                                                                                                                                                                                                      • FindNextFileW.KERNEL32(00000000,?), ref: 00ED5D17
                                                                                                                                                                                                                                                      • FindClose.KERNEL32(?), ref: 00ED5D5F
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                       • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                       • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                       • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                       • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                       • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Find$File$CloseFirstNext
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3541575487-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • IsDebuggerPresent.KERNEL32 ref: 00E9271A
                                                                                                                                                                                                                                                      • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00E92724
                                                                                                                                                                                                                                                      • UnhandledExceptionFilter.KERNEL32(?), ref: 00E92731
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                       • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                       • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                       • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                       • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                       • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3906539128-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • SetErrorMode.KERNEL32(00000001), ref: 00ED51DA
                                                                                                                                                                                                                                                      • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 00ED5238
                                                                                                                                                                                                                                                      • SetErrorMode.KERNEL32(00000000), ref: 00ED52A1
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: ErrorMode$DiskFreeSpace
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 1682464887-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 00E7FDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00E80668
                                                                                                                                                                                                                                                        • Part of subcall function 00E7FDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00E80685
                                                                                                                                                                                                                                                      • LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00EC170D
                                                                                                                                                                                                                                                      • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00EC173A
                                                                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 00EC174A
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Exception@8Throw$AdjustErrorLastLookupPrivilegePrivilegesTokenValue
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 577356006-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • CreateFileW.KERNEL32(?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 00ECD608
                                                                                                                                                                                                                                                      • DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,00000028,?,00000000), ref: 00ECD645
                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 00ECD650
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: CloseControlCreateDeviceFileHandle
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 33631002-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 00EC168C
                                                                                                                                                                                                                                                      • CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 00EC16A1
                                                                                                                                                                                                                                                      • FreeSid.ADVAPI32(?), ref: 00EC16B1
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: AllocateCheckFreeInitializeMembershipToken
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3429775523-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • GetUserNameW.ADVAPI32(?,?), ref: 00EBD28C
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: NameUser
                                                                                                                                                                                                                                                      • String ID: X64
                                                                                                                                                                                                                                                      • API String ID: 2645101109-893830106
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • FindFirstFileW.KERNEL32(?,?), ref: 00ED6918
                                                                                                                                                                                                                                                      • FindClose.KERNEL32(00000000), ref: 00ED6961
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 2295610775-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,00EE4891,?,?,00000035,?), ref: 00ED37E4
                                                                                                                                                                                                                                                      • FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,?,?,00EE4891,?,?,00000035,?), ref: 00ED37F4
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: ErrorFormatLastMessage
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3479602957-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 00ECB25D
                                                                                                                                                                                                                                                      • keybd_event.USER32(?,75C0C0D0,?,00000000), ref: 00ECB270
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: InputSendkeybd_event
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3536248340-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00EC11FC), ref: 00EC10D4
                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?,?,00EC11FC), ref: 00EC10E9
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: AdjustCloseHandlePrivilegesToken
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 81990902-0
                                                                                                                                                                                                                                                      • Opcode ID: 452b338cd3ec781a00c59a567ad118f58185ce182b0aa95025ad234ec1dd9b15
                                                                                                                                                                                                                                                      • Instruction ID: 9bae42c26d9c5622317596ebeb48179f596bd2a34b65864b6b9701719e93aa6e
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 452b338cd3ec781a00c59a567ad118f58185ce182b0aa95025ad234ec1dd9b15
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F5E0BF72018610AEE7252B51FD05F7777E9EF04320F24C86DF5A5904B1DB626C91DB54
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      • Variable is not of type 'Object'., xrefs: 00EB0C40
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                      • String ID: Variable is not of type 'Object'.
                                                                                                                                                                                                                                                      • API String ID: 0-1840281001
                                                                                                                                                                                                                                                      • Opcode ID: e51c896ae20d25330ad2631f66dd61125906b7b05fe473b7f67e6b3b2acd7b3f
                                                                                                                                                                                                                                                      • Instruction ID: 3d1db921c466dd925040ca56c27f61b8b388cb07f98f544b7a9a97465979b4cd
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e51c896ae20d25330ad2631f66dd61125906b7b05fe473b7f67e6b3b2acd7b3f
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 05328F70A40218DBCF14DF90E885AFEB7F5BF04388F24A069E846BB292D775AD45CB51
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00E96766,?,?,00000008,?,?,00E9FEFE,00000000), ref: 00E96998
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: ExceptionRaise
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3997070919-0
                                                                                                                                                                                                                                                      • Opcode ID: f189e87bb20cdca1d2bef4820f5e0eb74bc39684f09368ea51746bc3fd3b23f6
                                                                                                                                                                                                                                                      • Instruction ID: c1202090567a59d788eb06afab9280e2ac33faac2d8c4bbb740115cb4c9726d7
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f189e87bb20cdca1d2bef4820f5e0eb74bc39684f09368ea51746bc3fd3b23f6
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 82B16E71610608DFDB19CF28C48ABA57BE0FF45368F25D65AE899DF2A2C335D981CB40
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 0-3916222277
                                                                                                                                                                                                                                                      • Opcode ID: e442fcc5ed1f06e4d9e128594baaf003e04884e4887b3508e2ab8657ab4173b3
                                                                                                                                                                                                                                                      • Instruction ID: 6358c52ced5ebf56a086f5455d32c3219783edb6d7e81ba22a095604d565b086
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e442fcc5ed1f06e4d9e128594baaf003e04884e4887b3508e2ab8657ab4173b3
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 571251759002299BCB24CF58C9807EEB7F5FF48710F14919AE849FB255EB749E81CB90
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • BlockInput.USER32(00000001), ref: 00EDEABD
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: BlockInput
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3456056419-0
                                                                                                                                                                                                                                                      • Opcode ID: e478783bff1138f96968e5738a87b594feb9158cc24992b251f03653ca44ab1a
                                                                                                                                                                                                                                                      • Instruction ID: 0eb05a33525f4c267b5da3fb2801c86b1eb94fa3db1e19262394c8a6dc7db504
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e478783bff1138f96968e5738a87b594feb9158cc24992b251f03653ca44ab1a
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5EE012312002059FC710EF59D404D9AB7D9EF987A4F109416FC45EB351D670A8458B90
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • SetUnhandledExceptionFilter.KERNEL32(Function_000209E1,00E803EE), ref: 00E809DA
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                                                                      • String ID:
• API String ID: 3192549508-0
• Opcode ID: 6159c517cd0c9db8f6ef7c1f2b2b0b59a93ac4f9dac9e2b7f4e72d8281e55122
• Instruction ID: 795ac02d112859ab49f89cd6b35c5d1af2194ac0ffc6cfe0f1dbb5874e89439d
• Opcode Fuzzy Hash: 6159c517cd0c9db8f6ef7c1f2b2b0b59a93ac4f9dac9e2b7f4e72d8281e55122
• Instruction Fuzzy Hash:
Strings
Memory Dump Source
• Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
• Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                      • String ID: 0
                                                                                                                                                                                                                                                      • API String ID: 0-4108050209
                                                                                                                                                                                                                                                      • Opcode ID: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
                                                                                                                                                                                                                                                      • Instruction ID: 3cc61938671e0e47e1c351c395fc9144648bcb65c8698ea6c3444c813b15831b
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E551A52160C7155BDB3CB968898E7FE27C99B82388F383409D8CEF7282DA11DE41D352
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                      • Opcode ID: 4a87a5b14680cb9a8ba19fdbbe71be3e1b284a1bdafa6ecc61fec7e553ab58f0
                                                                                                                                                                                                                                                      • Instruction ID: 61173f0c2c2152437657e228ec1ae1dd6c805f8f36930d0e37eae45b1e50fe61
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4a87a5b14680cb9a8ba19fdbbe71be3e1b284a1bdafa6ecc61fec7e553ab58f0
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 29323322D79F014DDB639634CC26336A289BFB73C5F15E737E85AB59A6EB28C4835100
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                      • Opcode ID: 835ea0966c74a1fff0c55d924643937ca9ded9cb430b7b30c6e684c05c69c134
                                                                                                                                                                                                                                                      • Instruction ID: cfbbc8c06dc705886feb8a7bf491e87a51febef7ca1a3f958237d2318702e7d7
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 835ea0966c74a1fff0c55d924643937ca9ded9cb430b7b30c6e684c05c69c134
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D6322731A081198BDF39CF28C4D06FEBBA5EB45308F38A56AD45AFB291D634DD81DB41
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                      • Opcode ID: be50cc52e2563d6b67a9da3fb4e6022c62da50fce90a7b0caef0e0d931977b7d
                                                                                                                                                                                                                                                      • Instruction ID: aa00d89a1333e055b055289d945c1d55a8316cd72481e8618961decd82cce70f
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: be50cc52e2563d6b67a9da3fb4e6022c62da50fce90a7b0caef0e0d931977b7d
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5D22DFB1A006099FDF14CFA4D841AEEB3F6FF49344F206129E856BB291EB35AD15CB50
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                      • Opcode ID: ded1646cbf878e2ed06ec5889e35e0f4128117986b4b52a7d15b37751f37a305
                                                                                                                                                                                                                                                      • Instruction ID: c39a5938b4e75b46bd14e11db490089a1e2a70046019e01c2d1fd3feb85f1c82
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ded1646cbf878e2ed06ec5889e35e0f4128117986b4b52a7d15b37751f37a305
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F902B7B0A00109EBDB14DF64D881AAEB7F5FF49354F119169E80ABB391E731AE11CB91
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                      • Opcode ID: 7ad09b276d87a16badc7d040b69f40ffb7d35b1e0d77753b5056367fd2a750eb
                                                                                                                                                                                                                                                      • Instruction ID: 25717555a3555b38bafc081529887ef82dc874baaf187572c5ac77679844e949
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7ad09b276d87a16badc7d040b69f40ffb7d35b1e0d77753b5056367fd2a750eb
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 16B11220E2AF444DD72396398871336B65CBFBB6D5F92D31BFC2674D62EB2286835140
Memory Dump Source
• Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
• Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                      • Opcode ID: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
                                                                                                                                                                                                                                                      • Instruction ID: 717e4b2752974680626d48df1b347c922d85aca2ea0675de94ff754345913232
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6291A9722080A34ADB2D563E843417DFFE55A923A631A27DED4FEEA1C1FE20C955D720
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                      • Opcode ID: 05e0b846b00456d0f1e87463b9d189974beed2fe63262d4392584e128a114ea2
                                                                                                                                                                                                                                                      • Instruction ID: 7cda0cbbf877617672d8b443b11a13ee22e3a16b4f2dc11d707e1f74fb99e64a
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 05e0b846b00456d0f1e87463b9d189974beed2fe63262d4392584e128a114ea2
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6591B6722090A30EDB2D5239853807EFFE15A923A531A27DDD5FEEB1C5EE24C954E720
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                      • Opcode ID: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
                                                                                                                                                                                                                                                      • Instruction ID: 356964031cf59ee82049e91c22c04b27002e6fb1044ecd7628be87f48c043280
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4391C2722090A34ADB2D527A857407DFFE94A923A630A17DED4FEEA1C1FE10C5569720
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                      • Opcode ID: 5d42b98b104c7d552bd3ab179e8297668bd99fa33a079a05f8fd984374424545
                                                                                                                                                                                                                                                      • Instruction ID: 1fb7e82ada5dd29181a2ec6349b5a89d927538a6623c6586a580c277a61038cf
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5d42b98b104c7d552bd3ab179e8297668bd99fa33a079a05f8fd984374424545
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: DE61893124870956DA38BA288D95BFEA3D7DF51708F343959E8CEFB281D611DE42C315
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                      • Opcode ID: 310e6d1c1d4c583c71df8e7d14d6b096fa629cd1f9c312969011f8910c7c1490
                                                                                                                                                                                                                                                      • Instruction ID: d693e5a83c45788380df43f0351c34566f1f6a51a128465ab413ff4ba3ff63d2
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 310e6d1c1d4c583c71df8e7d14d6b096fa629cd1f9c312969011f8910c7c1490
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5661473160C70996DA38BA284955BBE6384AF43748F30395DE8CEFB2C1EA12ED428355
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                      • Opcode ID: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
                                                                                                                                                                                                                                                      • Instruction ID: 925d44c7cbef1ff0b601408b87db0cac3dfd44581623eb3ed2b7e7b39e659584
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4D81C3326080A30EDB2D523A853407EFFE55A923A531A27DED4FEEB1C1EE24C555E720
Memory Dump Source
• Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
• Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e60000_file.jbxd
APIs
• DeleteObject.GDI32(00000000), ref: 00EE2B30
• DeleteObject.GDI32(00000000), ref: 00EE2B43
• DestroyWindow.USER32 ref: 00EE2B52
• GetDesktopWindow.USER32 ref: 00EE2B6D
• GetWindowRect.USER32(00000000), ref: 00EE2B74
• SetRect.USER32(?,00000000,00000000,00000007,00000002), ref: 00EE2CA3
• AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 00EE2CB1
• CreateWindowExW.USER32(?,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00EE2CF8
• GetClientRect.USER32(00000000,?), ref: 00EE2D04
• CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00EE2D40
• CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00EE2D62
• GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00EE2D75
• GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00EE2D80
• GlobalLock.KERNEL32(00000000), ref: 00EE2D89
• ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00EE2D98
• GlobalUnlock.KERNEL32(00000000), ref: 00EE2DA1
• CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00EE2DA8
• GlobalFree.KERNEL32(00000000), ref: 00EE2DB3
• CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00EE2DC5
• OleLoadPicture.OLEAUT32(?,00000000,00000000,00EFFC38,00000000), ref: 00EE2DDB
• GlobalFree.KERNEL32(00000000), ref: 00EE2DEB
• CopyImage.USER32(00000007,00000000,00000000,00000000,00002000), ref: 00EE2E11
• SendMessageW.USER32(00000000,00000172,00000000,00000007), ref: 00EE2E30
• SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00EE2E52
• ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00EE303F
Similarity
• API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
• String ID: $AutoIt v3$DISPLAY$static
• API String ID: 2211948467-2373415609
APIs
• SetTextColor.GDI32(?,00000000), ref: 00EF712F
• GetSysColorBrush.USER32(0000000F), ref: 00EF7160
• GetSysColor.USER32(0000000F), ref: 00EF716C
• SetBkColor.GDI32(?,000000FF), ref: 00EF7186
• SelectObject.GDI32(?,?), ref: 00EF7195
• InflateRect.USER32(?,000000FF,000000FF), ref: 00EF71C0
• GetSysColor.USER32(00000010), ref: 00EF71C8
• CreateSolidBrush.GDI32(00000000), ref: 00EF71CF
• FrameRect.USER32(?,?,00000000), ref: 00EF71DE
• DeleteObject.GDI32(00000000), ref: 00EF71E5
• InflateRect.USER32(?,000000FE,000000FE), ref: 00EF7230
• FillRect.USER32(?,?,?), ref: 00EF7262
• GetWindowLongW.USER32(?,000000F0), ref: 00EF7284
  • Part of subcall function 00EF73E8: GetSysColor.USER32(00000012), ref: 00EF7421
  • Part of subcall function 00EF73E8: SetTextColor.GDI32(?,?), ref: 00EF7425
  • Part of subcall function 00EF73E8: GetSysColorBrush.USER32(0000000F), ref: 00EF743B
  • Part of subcall function 00EF73E8: GetSysColor.USER32(0000000F), ref: 00EF7446
  • Part of subcall function 00EF73E8: GetSysColor.USER32(00000011), ref: 00EF7463
  • Part of subcall function 00EF73E8: CreatePen.GDI32(00000000,00000001,00743C00), ref: 00EF7471
  • Part of subcall function 00EF73E8: SelectObject.GDI32(?,00000000), ref: 00EF7482
  • Part of subcall function 00EF73E8: SetBkColor.GDI32(?,00000000), ref: 00EF748B
  • Part of subcall function 00EF73E8: SelectObject.GDI32(?,?), ref: 00EF7498
  • Part of subcall function 00EF73E8: InflateRect.USER32(?,000000FF,000000FF), ref: 00EF74B7
  • Part of subcall function 00EF73E8: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 00EF74CE
  • Part of subcall function 00EF73E8: GetWindowLongW.USER32(00000000,000000F0), ref: 00EF74DB
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameRoundSolid
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 4124339563-0
                                                                                                                                                                                                                                                      • Opcode ID: bbfd4c6fafc65eb4971e1dcc4d9c9c3e8c893f223267c2f0050daabfdecda10a
                                                                                                                                                                                                                                                      • Instruction ID: d399d539852f9b4b563ff356342a4726569c4030706c4de78ff937ef802c5b4a
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: bbfd4c6fafc65eb4971e1dcc4d9c9c3e8c893f223267c2f0050daabfdecda10a
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: AFA19571009309AFD7009F61DD48EBB77A9FB89320F301A19F6A2A61E1D771D949CB51
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • DestroyWindow.USER32(?,?), ref: 00E78E14
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001308,?,00000000), ref: 00EB6AC5
                                                                                                                                                                                                                                                      • ImageList_Remove.COMCTL32(?,000000FF,?), ref: 00EB6AFE
                                                                                                                                                                                                                                                      • MoveWindow.USER32(?,?,?,?,?,00000000), ref: 00EB6F43
                                                                                                                                                                                                                                                        • Part of subcall function 00E78F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00E78BE8,?,00000000,?,?,?,?,00E78BBA,00000000,?), ref: 00E78FC5
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001053), ref: 00EB6F7F
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 00EB6F96
                                                                                                                                                                                                                                                      • ImageList_Destroy.COMCTL32(00000000,?), ref: 00EB6FAC
                                                                                                                                                                                                                                                      • ImageList_Destroy.COMCTL32(00000000,?), ref: 00EB6FB7
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: DestroyImageList_MessageSend$Window$InvalidateMoveRectRemove
                                                                                                                                                                                                                                                      • String ID: 0
                                                                                                                                                                                                                                                      • API String ID: 2760611726-4108050209
                                                                                                                                                                                                                                                      • Opcode ID: 2ed147a75ac6a06ed24f4276eff72fead140cdf3296cd8b7e1f739d357595dca
                                                                                                                                                                                                                                                      • Instruction ID: 1f71da76bba30c4cca81b0ca4d61f50f4e5667a753b9a46005dc2f61e3edbfa4
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2ed147a75ac6a06ed24f4276eff72fead140cdf3296cd8b7e1f739d357595dca
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C712BD30601205DFDB25DF24CA88BFABBF1FB54314F24A469E489AB261CB35E852DF51
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • DestroyWindow.USER32(00000000), ref: 00EE273E
                                                                                                                                                                                                                                                      • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00EE286A
                                                                                                                                                                                                                                                      • SetRect.USER32(?,00000000,00000000,0000012C,?), ref: 00EE28A9
                                                                                                                                                                                                                                                      • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 00EE28B9
                                                                                                                                                                                                                                                      • CreateWindowExW.USER32(00000008,AutoIt v3,?,88C00000,000000FF,?,?,?,00000000,00000000,00000000), ref: 00EE2900
                                                                                                                                                                                                                                                      • GetClientRect.USER32(00000000,?), ref: 00EE290C
                                                                                                                                                                                                                                                      • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000), ref: 00EE2955
                                                                                                                                                                                                                                                      • CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00EE2964
                                                                                                                                                                                                                                                      • GetStockObject.GDI32(00000011), ref: 00EE2974
                                                                                                                                                                                                                                                      • SelectObject.GDI32(00000000,00000000), ref: 00EE2978
                                                                                                                                                                                                                                                      • GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?), ref: 00EE2988
                                                                                                                                                                                                                                                      • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00EE2991
                                                                                                                                                                                                                                                      • DeleteDC.GDI32(00000000), ref: 00EE299A
                                                                                                                                                                                                                                                      • CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 00EE29C6
                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000030,00000000,00000001), ref: 00EE29DD
                                                                                                                                                                                                                                                      • CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,-0000001D,00000104,00000014,00000000,00000000,00000000), ref: 00EE2A1D
                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 00EE2A31
                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000404,00000001,00000000), ref: 00EE2A42
                                                                                                                                                                                                                                                      • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000041,00000500,-00000027,00000000,00000000,00000000), ref: 00EE2A77
                                                                                                                                                                                                                                                      • GetStockObject.GDI32(00000011), ref: 00EE2A82
                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000030,00000000,?,50000000), ref: 00EE2A8D
                                                                                                                                                                                                                                                      • ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?,?,?), ref: 00EE2A97
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
                                                                                                                                                                                                                                                      • String ID: AutoIt v3$DISPLAY$msctls_progress32$static
                                                                                                                                                                                                                                                      • API String ID: 2910397461-517079104
                                                                                                                                                                                                                                                      • Opcode ID: 43050a47629c090540b32f08fa9e29b28290448a7482314d2d1b707b71d51091
                                                                                                                                                                                                                                                      • Instruction ID: 2cd574395ebe07bbbd7aa2f5724ae9e893e83142b7f7c9b3c50bc720fec6b029
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 43050a47629c090540b32f08fa9e29b28290448a7482314d2d1b707b71d51091
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 73B17B71A40209AFEB14DFA9DD49EAE7BA9FB48710F104119FA15E7290D770ED44CBA0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • SetErrorMode.KERNEL32(00000001), ref: 00ED4AED
                                                                                                                                                                                                                                                      • GetDriveTypeW.KERNEL32(?,00EFCB68,?,\\.\,00EFCC08), ref: 00ED4BCA
                                                                                                                                                                                                                                                      • SetErrorMode.KERNEL32(00000000,00EFCB68,?,\\.\,00EFCC08), ref: 00ED4D36
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: ErrorMode$DriveType
                                                                                                                                                                                                                                                      • String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
                                                                                                                                                                                                                                                      • API String ID: 2907320926-4222207086
                                                                                                                                                                                                                                                      • Opcode ID: 0f0f1da964be8c267a5b4fe5de7b656cfc234202d1d46124cbb3c0cd2053fdf8
                                                                                                                                                                                                                                                      • Instruction ID: abacd1f1d405acf23b3f0b3e4fc5ae54d43cce10ca156ad2e122d3bb15881b9f
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0f0f1da964be8c267a5b4fe5de7b656cfc234202d1d46124cbb3c0cd2053fdf8
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2661D5B1656109DBDB04DF14DA81AB8B7B1EB64344B206417F806FB3D2DB32ED42EB42
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • GetSysColor.USER32(00000012), ref: 00EF7421
                                                                                                                                                                                                                                                      • SetTextColor.GDI32(?,?), ref: 00EF7425
                                                                                                                                                                                                                                                      • GetSysColorBrush.USER32(0000000F), ref: 00EF743B
                                                                                                                                                                                                                                                      • GetSysColor.USER32(0000000F), ref: 00EF7446
                                                                                                                                                                                                                                                      • CreateSolidBrush.GDI32(?), ref: 00EF744B
                                                                                                                                                                                                                                                      • GetSysColor.USER32(00000011), ref: 00EF7463
                                                                                                                                                                                                                                                      • CreatePen.GDI32(00000000,00000001,00743C00), ref: 00EF7471
                                                                                                                                                                                                                                                      • SelectObject.GDI32(?,00000000), ref: 00EF7482
                                                                                                                                                                                                                                                      • SetBkColor.GDI32(?,00000000), ref: 00EF748B
                                                                                                                                                                                                                                                      • SelectObject.GDI32(?,?), ref: 00EF7498
                                                                                                                                                                                                                                                      • InflateRect.USER32(?,000000FF,000000FF), ref: 00EF74B7
                                                                                                                                                                                                                                                      • RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 00EF74CE
                                                                                                                                                                                                                                                      • GetWindowLongW.USER32(00000000,000000F0), ref: 00EF74DB
                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00EF752A
                                                                                                                                                                                                                                                      • GetWindowTextW.USER32(00000000,00000000,00000001), ref: 00EF7554
                                                                                                                                                                                                                                                      • InflateRect.USER32(?,000000FD,000000FD), ref: 00EF7572
                                                                                                                                                                                                                                                      • DrawFocusRect.USER32(?,?), ref: 00EF757D
                                                                                                                                                                                                                                                      • GetSysColor.USER32(00000011), ref: 00EF758E
                                                                                                                                                                                                                                                      • SetTextColor.GDI32(?,00000000), ref: 00EF7596
                                                                                                                                                                                                                                                      • DrawTextW.USER32(?,00EF70F5,000000FF,?,00000000), ref: 00EF75A8
                                                                                                                                                                                                                                                      • SelectObject.GDI32(?,?), ref: 00EF75BF
                                                                                                                                                                                                                                                      • DeleteObject.GDI32(?), ref: 00EF75CA
                                                                                                                                                                                                                                                      • SelectObject.GDI32(?,?), ref: 00EF75D0
                                                                                                                                                                                                                                                      • DeleteObject.GDI32(?), ref: 00EF75D5
                                                                                                                                                                                                                                                      • SetTextColor.GDI32(?,?), ref: 00EF75DB
                                                                                                                                                                                                                                                      • SetBkColor.GDI32(?,?), ref: 00EF75E5
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 1996641542-0
                                                                                                                                                                                                                                                      • Opcode ID: 97a45f6a328b55de911a31ef13f2508d7ce68aae66228d8b832d48e113d7d386
                                                                                                                                                                                                                                                      • Instruction ID: 5daf5c41c3d0950a2cf074a708539f19b37f2298922d5d0ce6de532f2ce472ef
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 97a45f6a328b55de911a31ef13f2508d7ce68aae66228d8b832d48e113d7d386
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 72615A7290421CAFDF019FA5DD49EEEBFB9EB48320F214115FA15BB2A1D7709944CB90
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • GetCursorPos.USER32(?), ref: 00EF1128
                                                                                                                                                                                                                                                      • GetDesktopWindow.USER32 ref: 00EF113D
                                                                                                                                                                                                                                                      • GetWindowRect.USER32(00000000), ref: 00EF1144
                                                                                                                                                                                                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 00EF1199
                                                                                                                                                                                                                                                      • DestroyWindow.USER32(?), ref: 00EF11B9
                                                                                                                                                                                                                                                      • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,7FFFFFFD,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 00EF11ED
                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00EF120B
                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00EF121D
                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000421,?,?), ref: 00EF1232
                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,0000041D,00000000,00000000), ref: 00EF1245
                                                                                                                                                                                                                                                      • IsWindowVisible.USER32(00000000), ref: 00EF12A1
                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000412,00000000,D8F0D8F0), ref: 00EF12BC
                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000411,00000001,00000030), ref: 00EF12D0
                                                                                                                                                                                                                                                      • GetWindowRect.USER32(00000000,?), ref: 00EF12E8
                                                                                                                                                                                                                                                      • MonitorFromPoint.USER32(?,?,00000002), ref: 00EF130E
                                                                                                                                                                                                                                                      • GetMonitorInfoW.USER32(00000000,?), ref: 00EF1328
                                                                                                                                                                                                                                                      • CopyRect.USER32(?,?), ref: 00EF133F
                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000412,00000000), ref: 00EF13AA
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
                                                                                                                                                                                                                                                      • String ID: ($0$tooltips_class32
                                                                                                                                                                                                                                                      • API String ID: 698492251-4156429822
                                                                                                                                                                                                                                                      • Opcode ID: a8e2e981d31e538a218d093205b638d606eb83c7b121b324931f8f08d3552c56
                                                                                                                                                                                                                                                      • Instruction ID: fa087b2544b23cf9abf033995201b0eedfe3083dcdc368e7f57e2836330a9a35
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a8e2e981d31e538a218d093205b638d606eb83c7b121b324931f8f08d3552c56
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C5B1B071608349EFD700DF64C884BAABBE4FF84754F10995CFA99AB261D770D844CB51
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00E78968
                                                                                                                                                                                                                                                      • GetSystemMetrics.USER32(00000007), ref: 00E78970
                                                                                                                                                                                                                                                      • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00E7899B
                                                                                                                                                                                                                                                      • GetSystemMetrics.USER32(00000008), ref: 00E789A3
                                                                                                                                                                                                                                                      • GetSystemMetrics.USER32(00000004), ref: 00E789C8
                                                                                                                                                                                                                                                      • SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 00E789E5
                                                                                                                                                                                                                                                      • AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 00E789F5
                                                                                                                                                                                                                                                      • CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 00E78A28
                                                                                                                                                                                                                                                      • SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 00E78A3C
                                                                                                                                                                                                                                                      • GetClientRect.USER32(00000000,000000FF), ref: 00E78A5A
                                                                                                                                                                                                                                                      • GetStockObject.GDI32(00000011), ref: 00E78A76
                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000030,00000000), ref: 00E78A81
                                                                                                                                                                                                                                                        • Part of subcall function 00E7912D: GetCursorPos.USER32(?), ref: 00E79141
                                                                                                                                                                                                                                                        • Part of subcall function 00E7912D: ScreenToClient.USER32(00000000,?), ref: 00E7915E
                                                                                                                                                                                                                                                        • Part of subcall function 00E7912D: GetAsyncKeyState.USER32(00000001), ref: 00E79183
                                                                                                                                                                                                                                                        • Part of subcall function 00E7912D: GetAsyncKeyState.USER32(00000002), ref: 00E7919D
                                                                                                                                                                                                                                                      • SetTimer.USER32(00000000,00000000,00000028,00E790FC), ref: 00E78AA8
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
                                                                                                                                                                                                                                                      • String ID: AutoIt v3 GUI
                                                                                                                                                                                                                                                      • API String ID: 1458621304-248962490
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 00EC10F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00EC1114
                                                                                                                                                                                                                                                        • Part of subcall function 00EC10F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00EC0B9B,?,?,?), ref: 00EC1120
                                                                                                                                                                                                                                                        • Part of subcall function 00EC10F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00EC0B9B,?,?,?), ref: 00EC112F
                                                                                                                                                                                                                                                        • Part of subcall function 00EC10F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00EC0B9B,?,?,?), ref: 00EC1136
                                                                                                                                                                                                                                                        • Part of subcall function 00EC10F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00EC114D
                                                                                                                                                                                                                                                      • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00EC0DF5
                                                                                                                                                                                                                                                      • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00EC0E29
                                                                                                                                                                                                                                                      • GetLengthSid.ADVAPI32(?), ref: 00EC0E40
                                                                                                                                                                                                                                                      • GetAce.ADVAPI32(?,00000000,?), ref: 00EC0E7A
                                                                                                                                                                                                                                                      • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00EC0E96
                                                                                                                                                                                                                                                      • GetLengthSid.ADVAPI32(?), ref: 00EC0EAD
                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000008,00000008), ref: 00EC0EB5
                                                                                                                                                                                                                                                      • HeapAlloc.KERNEL32(00000000), ref: 00EC0EBC
                                                                                                                                                                                                                                                      • GetLengthSid.ADVAPI32(?,00000008,?), ref: 00EC0EDD
                                                                                                                                                                                                                                                      • CopySid.ADVAPI32(00000000), ref: 00EC0EE4
                                                                                                                                                                                                                                                      • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00EC0F13
                                                                                                                                                                                                                                                      • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00EC0F35
                                                                                                                                                                                                                                                      • SetUserObjectSecurity.USER32(?,00000004,?), ref: 00EC0F47
                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00EC0F6E
                                                                                                                                                                                                                                                      • HeapFree.KERNEL32(00000000), ref: 00EC0F75
                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00EC0F7E
                                                                                                                                                                                                                                                      • HeapFree.KERNEL32(00000000), ref: 00EC0F85
                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00EC0F8E
                                                                                                                                                                                                                                                      • HeapFree.KERNEL32(00000000), ref: 00EC0F95
                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000000,?), ref: 00EC0FA1
                                                                                                                                                                                                                                                      • HeapFree.KERNEL32(00000000), ref: 00EC0FA8
                                                                                                                                                                                                                                                        • Part of subcall function 00EC1193: GetProcessHeap.KERNEL32(00000008,00EC0BB1,?,00000000,?,00EC0BB1,?), ref: 00EC11A1
                                                                                                                                                                                                                                                        • Part of subcall function 00EC1193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00EC0BB1,?), ref: 00EC11A8
                                                                                                                                                                                                                                                        • Part of subcall function 00EC1193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00EC0BB1,?), ref: 00EC11B7
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 4175595110-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00EEC4BD
                                                                                                                                                                                                                                                      • RegCreateKeyExW.ADVAPI32(?,?,00000000,00EFCC08,00000000,?,00000000,?,?), ref: 00EEC544
                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(00000000,00000000,00000000), ref: 00EEC5A4
                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 00EEC5F4
                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 00EEC66F
                                                                                                                                                                                                                                                      • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 00EEC6B2
                                                                                                                                                                                                                                                      • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 00EEC7C1
                                                                                                                                                                                                                                                      • RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 00EEC84D
                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 00EEC881
                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(00000000), ref: 00EEC88E
                                                                                                                                                                                                                                                      • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 00EEC960
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Value$Close$_wcslen$ConnectCreateRegistry
                                                                                                                                                                                                                                                      • String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
                                                                                                                                                                                                                                                      • API String ID: 9721498-966354055
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • CharUpperBuffW.USER32(?,?), ref: 00EF09C6
                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 00EF0A01
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00EF0A54
                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 00EF0A8A
                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 00EF0B06
                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 00EF0B81
                                                                                                                                                                                                                                                        • Part of subcall function 00E7F9F2: _wcslen.LIBCMT ref: 00E7F9FD
                                                                                                                                                                                                                                                        • Part of subcall function 00EC2BE8: SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00EC2BFA
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: _wcslen$MessageSend$BuffCharUpper
                                                                                                                                                                                                                                                      • String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
                                                                                                                                                                                                                                                      • API String ID: 1103490817-4258414348
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: _wcslen$BuffCharUpper
                                                                                                                                                                                                                                                      • String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
                                                                                                                                                                                                                                                      • API String ID: 1256254125-909552448
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 00EF835A
                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 00EF836E
                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 00EF8391
                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 00EF83B4
                                                                                                                                                                                                                                                      • LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 00EF83F2
                                                                                                                                                                                                                                                      • LoadLibraryExW.KERNEL32(?,00000000,00000032,?,?,00000001,?,?,?,00EF361A,?), ref: 00EF844E
                                                                                                                                                                                                                                                      • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00EF8487
                                                                                                                                                                                                                                                      • LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 00EF84CA
                                                                                                                                                                                                                                                      • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00EF8501
                                                                                                                                                                                                                                                      • FreeLibrary.KERNEL32(?), ref: 00EF850D
                                                                                                                                                                                                                                                      • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 00EF851D
                                                                                                                                                                                                                                                      • DestroyIcon.USER32(?), ref: 00EF852C
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000170,00000000,00000000), ref: 00EF8549
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000064,00000172,00000001), ref: 00EF8555
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Load$Image_wcslen$IconLibraryMessageSend$DestroyExtractFree
                                                                                                                                                                                                                                                      • String ID: .dll$.exe$.icl
                                                                                                                                                                                                                                                      • API String ID: 799131459-1154884017
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                      • String ID: "$#OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$'$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
                                                                                                                                                                                                                                                      • API String ID: 0-1645009161
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • CharLowerBuffW.USER32(?,?), ref: 00ED3EF8
                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 00ED3F03
                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 00ED3F5A
                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 00ED3F98
                                                                                                                                                                                                                                                      • GetDriveTypeW.KERNEL32(?), ref: 00ED3FD6
                                                                                                                                                                                                                                                      • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00ED401E
                                                                                                                                                                                                                                                      • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00ED4059
                                                                                                                                                                                                                                                      • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00ED4087
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: SendString_wcslen$BuffCharDriveLowerType
                                                                                                                                                                                                                                                      • String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
                                                                                                                                                                                                                                                      • API String ID: 1839972693-4113822522
                                                                                                                                                                                                                                                      • Opcode ID: 00403314949de6ee408bd7ababfbc8b17c4e4e78375c7e4b0cfd4aa0cff6d47a
                                                                                                                                                                                                                                                      • Instruction ID: f21a0b5f97a7e717eedbd55f1dcfacf6f2ef51a1b6cfc23a430ec432e94cec48
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 00403314949de6ee408bd7ababfbc8b17c4e4e78375c7e4b0cfd4aa0cff6d47a
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8D71D3726042169FC310EF34D8818AAB7F4EF94798F10592EF495A7391EB31ED46CB92
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • LoadIconW.USER32(00000063), ref: 00EC5A2E
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 00EC5A40
                                                                                                                                                                                                                                                      • SetWindowTextW.USER32(?,?), ref: 00EC5A57
                                                                                                                                                                                                                                                      • GetDlgItem.USER32(?,000003EA), ref: 00EC5A6C
                                                                                                                                                                                                                                                      • SetWindowTextW.USER32(00000000,?), ref: 00EC5A72
                                                                                                                                                                                                                                                      • GetDlgItem.USER32(?,000003E9), ref: 00EC5A82
                                                                                                                                                                                                                                                      • SetWindowTextW.USER32(00000000,?), ref: 00EC5A88
                                                                                                                                                                                                                                                      • SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 00EC5AA9
                                                                                                                                                                                                                                                      • SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 00EC5AC3
                                                                                                                                                                                                                                                      • GetWindowRect.USER32(?,?), ref: 00EC5ACC
                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 00EC5B33
                                                                                                                                                                                                                                                      • SetWindowTextW.USER32(?,?), ref: 00EC5B6F
                                                                                                                                                                                                                                                      • GetDesktopWindow.USER32 ref: 00EC5B75
                                                                                                                                                                                                                                                      • GetWindowRect.USER32(00000000), ref: 00EC5B7C
                                                                                                                                                                                                                                                      • MoveWindow.USER32(?,?,00000080,00000000,?,00000000), ref: 00EC5BD3
                                                                                                                                                                                                                                                      • GetClientRect.USER32(?,?), ref: 00EC5BE0
                                                                                                                                                                                                                                                      • PostMessageW.USER32(?,00000005,00000000,?), ref: 00EC5C05
                                                                                                                                                                                                                                                      • SetTimer.USER32(?,0000040A,00000000,00000000), ref: 00EC5C2F
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer_wcslen
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 895679908-0
                                                                                                                                                                                                                                                      • Opcode ID: d0036a1c83ef1fc90d7e9654ace034669d042f682a729687014a9b7c40d86a28
                                                                                                                                                                                                                                                      • Instruction ID: 189030cc0c3e5386ea38c95578734d71be51627cc06709b2d6102c8101fc6e13
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d0036a1c83ef1fc90d7e9654ace034669d042f682a729687014a9b7c40d86a28
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F2715A32900A09AFDB20DFA9CE85FAEBBF5FB48704F20551DE146B25A0D776B945CB10
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • LoadCursorW.USER32(00000000,00007F89), ref: 00EDFE27
                                                                                                                                                                                                                                                      • LoadCursorW.USER32(00000000,00007F8A), ref: 00EDFE32
                                                                                                                                                                                                                                                      • LoadCursorW.USER32(00000000,00007F00), ref: 00EDFE3D
                                                                                                                                                                                                                                                      • LoadCursorW.USER32(00000000,00007F03), ref: 00EDFE48
                                                                                                                                                                                                                                                      • LoadCursorW.USER32(00000000,00007F8B), ref: 00EDFE53
                                                                                                                                                                                                                                                      • LoadCursorW.USER32(00000000,00007F01), ref: 00EDFE5E
                                                                                                                                                                                                                                                      • LoadCursorW.USER32(00000000,00007F81), ref: 00EDFE69
                                                                                                                                                                                                                                                      • LoadCursorW.USER32(00000000,00007F88), ref: 00EDFE74
                                                                                                                                                                                                                                                      • LoadCursorW.USER32(00000000,00007F80), ref: 00EDFE7F
                                                                                                                                                                                                                                                      • LoadCursorW.USER32(00000000,00007F86), ref: 00EDFE8A
                                                                                                                                                                                                                                                      • LoadCursorW.USER32(00000000,00007F83), ref: 00EDFE95
                                                                                                                                                                                                                                                      • LoadCursorW.USER32(00000000,00007F85), ref: 00EDFEA0
                                                                                                                                                                                                                                                      • LoadCursorW.USER32(00000000,00007F82), ref: 00EDFEAB
                                                                                                                                                                                                                                                      • LoadCursorW.USER32(00000000,00007F84), ref: 00EDFEB6
                                                                                                                                                                                                                                                      • LoadCursorW.USER32(00000000,00007F04), ref: 00EDFEC1
                                                                                                                                                                                                                                                      • LoadCursorW.USER32(00000000,00007F02), ref: 00EDFECC
                                                                                                                                                                                                                                                      • GetCursorInfo.USER32(?), ref: 00EDFEDC
                                                                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 00EDFF1E
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Cursor$Load$ErrorInfoLast
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3215588206-0
                                                                                                                                                                                                                                                      • Opcode ID: d8809abe726599eb24cb78dadff4d63d3b7328bb52c76b9e0fdb020f0c88f7fe
                                                                                                                                                                                                                                                      • Instruction ID: d5f74a26e403379521ce4d80b74edb9d67e73f36b4dabab111f9b1d94ea850a1
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d8809abe726599eb24cb78dadff4d63d3b7328bb52c76b9e0fdb020f0c88f7fe
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C94154B0E44319AEDB10DFBA9C8586EBFE8FF04754B50452AE11DE7281DB78D901CE91
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • __scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 00E800C6
                                                                                                                                                                                                                                                        • Part of subcall function 00E800ED: InitializeCriticalSectionAndSpinCount.KERNEL32(00F3070C,00000FA0,2D6EC699,?,?,?,?,00EA23B3,000000FF), ref: 00E8011C
                                                                                                                                                                                                                                                        • Part of subcall function 00E800ED: GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,00EA23B3,000000FF), ref: 00E80127
                                                                                                                                                                                                                                                        • Part of subcall function 00E800ED: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,00EA23B3,000000FF), ref: 00E80138
                                                                                                                                                                                                                                                        • Part of subcall function 00E800ED: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 00E8014E
                                                                                                                                                                                                                                                        • Part of subcall function 00E800ED: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 00E8015C
                                                                                                                                                                                                                                                        • Part of subcall function 00E800ED: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 00E8016A
                                                                                                                                                                                                                                                        • Part of subcall function 00E800ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00E80195
                                                                                                                                                                                                                                                        • Part of subcall function 00E800ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00E801A0
                                                                                                                                                                                                                                                      • ___scrt_fastfail.LIBCMT ref: 00E800E7
                                                                                                                                                                                                                                                        • Part of subcall function 00E800A3: __onexit.LIBCMT ref: 00E800A9
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      • kernel32.dll, xrefs: 00E80133
                                                                                                                                                                                                                                                      • WakeAllConditionVariable, xrefs: 00E80162
                                                                                                                                                                                                                                                      • InitializeConditionVariable, xrefs: 00E80148
                                                                                                                                                                                                                                                      • SleepConditionVariableCS, xrefs: 00E80154
                                                                                                                                                                                                                                                      • api-ms-win-core-synch-l1-2-0.dll, xrefs: 00E80122
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: AddressProc$HandleModule__crt_fast_encode_pointer$CountCriticalInitializeSectionSpin___scrt_fastfail__onexit__scrt_initialize_thread_safe_statics_platform_specific
                                                                                                                                                                                                                                                      • String ID: InitializeConditionVariable$SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                                                                                                                                                                                                                      • API String ID: 66158676-1714406822
                                                                                                                                                                                                                                                      • Opcode ID: 2883600416176e4abcef9f675b668af27d80c32fac24793dc3ed03ab540ff787
                                                                                                                                                                                                                                                      • Instruction ID: f22d6df708702cb370d9eb73c762812cc81a960f1e464fe2829118e31e3a00d2
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2883600416176e4abcef9f675b668af27d80c32fac24793dc3ed03ab540ff787
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3D2107326427196FE7506B64AD09B3933E4DF45B71F20112AF90DB3291DF619808CB91
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: _wcslen
                                                                                                                                                                                                                                                      • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
                                                                                                                                                                                                                                                      • API String ID: 176396367-1603158881
                                                                                                                                                                                                                                                      • Opcode ID: e6ec44e63b8fdb35d546521fe6b254fd991c627c3d6dc54bfbb15235ea778e67
                                                                                                                                                                                                                                                      • Instruction ID: 680eefe2b2f32c64010690df3711005d695439e30360555637c1913b620f472a
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e6ec44e63b8fdb35d546521fe6b254fd991c627c3d6dc54bfbb15235ea778e67
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 24E1E431A006269BCB189FB8C541FEDFBB0BF54714F64E11EE46AB7240DB31AE469790
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • CharLowerBuffW.USER32(00000000,00000000,00EFCC08), ref: 00ED4527
                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 00ED453B
                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 00ED4599
                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 00ED45F4
                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 00ED463F
                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 00ED46A7
                                                                                                                                                                                                                                                        • Part of subcall function 00E7F9F2: _wcslen.LIBCMT ref: 00E7F9FD
                                                                                                                                                                                                                                                      • GetDriveTypeW.KERNEL32(?,00F26BF0,00000061), ref: 00ED4743
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: _wcslen$BuffCharDriveLowerType
                                                                                                                                                                                                                                                      • String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
                                                                                                                                                                                                                                                      • API String ID: 2055661098-1000479233
                                                                                                                                                                                                                                                      • Opcode ID: 0a4296babc225d9bc212c07fbc82affa944aeb1f42b6cbbc258cd5b970350378
                                                                                                                                                                                                                                                      • Instruction ID: 7e24b7b6671c38e647f4bc9c38a50db4ebc3859cda4f74992665cef95bf8b0b8
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0a4296babc225d9bc212c07fbc82affa944aeb1f42b6cbbc258cd5b970350378
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1AB102B16083029FC710DF28D890A6AB7E5EFA5764F10691EF4AAE73D1D730D846CB52
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • LoadLibraryA.KERNEL32(kernel32.dll,?,00EFCC08), ref: 00EE40BB
                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,GetModuleHandleExW), ref: 00EE40CD
                                                                                                                                                                                                                                                      • GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,00EFCC08), ref: 00EE40F2
                                                                                                                                                                                                                                                      • FreeLibrary.KERNEL32(00000000,?,00EFCC08), ref: 00EE413E
                                                                                                                                                                                                                                                      • StringFromGUID2.OLE32(?,?,00000028,?,00EFCC08), ref: 00EE41A8
                                                                                                                                                                                                                                                      • SysFreeString.OLEAUT32(00000009), ref: 00EE4262
                                                                                                                                                                                                                                                      • QueryPathOfRegTypeLib.OLEAUT32(?,?,?,?,?), ref: 00EE42C8
                                                                                                                                                                                                                                                      • SysFreeString.OLEAUT32(?), ref: 00EE42F2
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: FreeString$Library$AddressFileFromLoadModuleNamePathProcQueryType
                                                                                                                                                                                                                                                      • String ID: GetModuleHandleExW$kernel32.dll
                                                                                                                                                                                                                                                      • API String ID: 354098117-199464113
                                                                                                                                                                                                                                                      • Opcode ID: ae88a5e1ef9555b58a3fea567f47b6c467ac2ea8bc6adb0cb22246e539ef83c6
                                                                                                                                                                                                                                                      • Instruction ID: 9bc150191f486e0083a2ac5eb3d04680a2d5af95f99d61ceb51064e4bff0c890
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ae88a5e1ef9555b58a3fea567f47b6c467ac2ea8bc6adb0cb22246e539ef83c6
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F2126EB1A00149EFDB14DF95C884EAEB7B5FF85318F249098F905AB291D731ED46CBA0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • GetMenuItemCount.USER32(00F31990), ref: 00EA2F8D
                                                                                                                                                                                                                                                      • GetMenuItemCount.USER32(00F31990), ref: 00EA303D
                                                                                                                                                                                                                                                      • GetCursorPos.USER32(?), ref: 00EA3081
                                                                                                                                                                                                                                                      • SetForegroundWindow.USER32(00000000), ref: 00EA308A
                                                                                                                                                                                                                                                      • TrackPopupMenuEx.USER32(00F31990,00000000,?,00000000,00000000,00000000), ref: 00EA309D
                                                                                                                                                                                                                                                      • PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 00EA30A9
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow
                                                                                                                                                                                                                                                      • String ID: 0
                                                                                                                                                                                                                                                      • API String ID: 36266755-4108050209
                                                                                                                                                                                                                                                      • Opcode ID: a6650721fae1a959478fdcedbcc36e3cc40f3b34d51ee3e081f1c1b666e03bf7
                                                                                                                                                                                                                                                      • Instruction ID: 09f1af3609c9de54acc9f05ed49914247d48d4d6a66f442e813e6036ae960470
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a6650721fae1a959478fdcedbcc36e3cc40f3b34d51ee3e081f1c1b666e03bf7
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B8712930644209BEEB218F39DD49FAABF68FF05368F20520AF6157A1E0C7B1B954D750
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • DestroyWindow.USER32(00000000,?), ref: 00EF6DEB
                                                                                                                                                                                                                                                        • Part of subcall function 00E66B57: _wcslen.LIBCMT ref: 00E66B6A
                                                                                                                                                                                                                                                      • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 00EF6E5F
                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 00EF6E81
                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00EF6E94
                                                                                                                                                                                                                                                      • DestroyWindow.USER32(?), ref: 00EF6EB5
                                                                                                                                                                                                                                                      • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00E60000,00000000), ref: 00EF6EE4
                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00EF6EFD
                                                                                                                                                                                                                                                      • GetDesktopWindow.USER32 ref: 00EF6F16
                                                                                                                                                                                                                                                      • GetWindowRect.USER32(00000000), ref: 00EF6F1D
                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00EF6F35
                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000421,?,00000000), ref: 00EF6F4D
                                                                                                                                                                                                                                                        • Part of subcall function 00E79944: GetWindowLongW.USER32(?,000000EB), ref: 00E79952
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_wcslen
                                                                                                                                                                                                                                                      • String ID: 0$tooltips_class32
                                                                                                                                                                                                                                                      • API String ID: 2429346358-3619404913
                                                                                                                                                                                                                                                      • Opcode ID: 0aa3fcf9e187f6ba9053e813b0888f4365b4d63e8019f8ab1896ac9dae3ff943
                                                                                                                                                                                                                                                      • Instruction ID: 73b1595168c2b51dc26ffff1ac12e20fffea7bbaf7779074bf044e720d659b21
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0aa3fcf9e187f6ba9053e813b0888f4365b4d63e8019f8ab1896ac9dae3ff943
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C5716C71104248AFDB21DF18D844BBABBE9FB89708F14541DF689A7261C770ED0ADB12
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 00E79BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00E79BB2
                                                                                                                                                                                                                                                      • DragQueryPoint.SHELL32(?,?), ref: 00EF9147
                                                                                                                                                                                                                                                        • Part of subcall function 00EF7674: ClientToScreen.USER32(?,?), ref: 00EF769A
                                                                                                                                                                                                                                                        • Part of subcall function 00EF7674: GetWindowRect.USER32(?,?), ref: 00EF7710
                                                                                                                                                                                                                                                        • Part of subcall function 00EF7674: PtInRect.USER32(?,?,00EF8B89), ref: 00EF7720
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,000000B0,?,?), ref: 00EF91B0
                                                                                                                                                                                                                                                      • DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 00EF91BB
                                                                                                                                                                                                                                                      • DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 00EF91DE
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,000000C2,00000001,?), ref: 00EF9225
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,000000B0,?,?), ref: 00EF923E
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,000000B1,?,?), ref: 00EF9255
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,000000B1,?,?), ref: 00EF9277
                                                                                                                                                                                                                                                      • DragFinish.SHELL32(?), ref: 00EF927E
                                                                                                                                                                                                                                                      • DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 00EF9371
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen
                                                                                                                                                                                                                                                      • String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
                                                                                                                                                                                                                                                      • API String ID: 221274066-3440237614
                                                                                                                                                                                                                                                      • Opcode ID: 226fff89bbac76ccfd0d38c38389e012789f526d62082ddae6cf4c627b33f72b
                                                                                                                                                                                                                                                      • Instruction ID: 1fc75f693f912862d000da59c42b7916f31b2db899972bbb7235f241087637da
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 226fff89bbac76ccfd0d38c38389e012789f526d62082ddae6cf4c627b33f72b
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2E616A71108305AFD701EF60ED85EAFBBE8EFC8790F10192DF595A21A1DB309A49CB52
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00EDC4B0
                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 00EDC4C3
                                                                                                                                                                                                                                                      • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 00EDC4D7
                                                                                                                                                                                                                                                      • HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 00EDC4F0
                                                                                                                                                                                                                                                      • InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 00EDC533
                                                                                                                                                                                                                                                      • InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 00EDC549
                                                                                                                                                                                                                                                      • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00EDC554
                                                                                                                                                                                                                                                      • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 00EDC584
                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 00EDC5DC
                                                                                                                                                                                                                                                      • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 00EDC5F0
                                                                                                                                                                                                                                                      • InternetCloseHandle.WININET(00000000), ref: 00EDC5FB
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Internet$Http$ErrorEventLastOptionQueryRequest$CloseConnectHandleInfoOpenSend
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3800310941-3916222277
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,00000000,?), ref: 00EF8592
                                                                                                                                                                                                                                                      • GetFileSize.KERNEL32(00000000,00000000), ref: 00EF85A2
                                                                                                                                                                                                                                                      • GlobalAlloc.KERNEL32(00000002,00000000), ref: 00EF85AD
                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 00EF85BA
                                                                                                                                                                                                                                                      • GlobalLock.KERNEL32(00000000), ref: 00EF85C8
                                                                                                                                                                                                                                                      • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 00EF85D7
                                                                                                                                                                                                                                                      • GlobalUnlock.KERNEL32(00000000), ref: 00EF85E0
                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 00EF85E7
                                                                                                                                                                                                                                                      • CreateStreamOnHGlobal.OLE32(00000000,00000001,?), ref: 00EF85F8
                                                                                                                                                                                                                                                      • OleLoadPicture.OLEAUT32(?,00000000,00000000,00EFFC38,?), ref: 00EF8611
                                                                                                                                                                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 00EF8621
                                                                                                                                                                                                                                                      • GetObjectW.GDI32(?,00000018,000000FF), ref: 00EF8641
                                                                                                                                                                                                                                                      • CopyImage.USER32(?,00000000,00000000,?,00002000), ref: 00EF8671
                                                                                                                                                                                                                                                      • DeleteObject.GDI32(00000000), ref: 00EF8699
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000172,00000000,00000000), ref: 00EF86AF
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3840717409-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • VariantInit.OLEAUT32(00000000), ref: 00ED1502
                                                                                                                                                                                                                                                      • VariantCopy.OLEAUT32(?,?), ref: 00ED150B
                                                                                                                                                                                                                                                      • VariantClear.OLEAUT32(?), ref: 00ED1517
                                                                                                                                                                                                                                                      • VariantTimeToSystemTime.OLEAUT32(?,?,?), ref: 00ED15FB
                                                                                                                                                                                                                                                      • VarR8FromDec.OLEAUT32(?,?), ref: 00ED1657
                                                                                                                                                                                                                                                      • VariantInit.OLEAUT32(?), ref: 00ED1708
                                                                                                                                                                                                                                                      • SysFreeString.OLEAUT32(?), ref: 00ED178C
                                                                                                                                                                                                                                                      • VariantClear.OLEAUT32(?), ref: 00ED17D8
                                                                                                                                                                                                                                                      • VariantClear.OLEAUT32(?), ref: 00ED17E7
                                                                                                                                                                                                                                                      • VariantInit.OLEAUT32(00000000), ref: 00ED1823
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Variant$ClearInit$Time$CopyFreeFromStringSystem
                                                                                                                                                                                                                                                      • String ID: %4d%02d%02d%02d%02d%02d$Default
                                                                                                                                                                                                                                                      • API String ID: 1234038744-3931177956
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 00E69CB3: _wcslen.LIBCMT ref: 00E69CBD
                                                                                                                                                                                                                                                        • Part of subcall function 00EEC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00EEB6AE,?,?), ref: 00EEC9B5
                                                                                                                                                                                                                                                        • Part of subcall function 00EEC998: _wcslen.LIBCMT ref: 00EEC9F1
                                                                                                                                                                                                                                                        • Part of subcall function 00EEC998: _wcslen.LIBCMT ref: 00EECA68
                                                                                                                                                                                                                                                        • Part of subcall function 00EEC998: _wcslen.LIBCMT ref: 00EECA9E
                                                                                                                                                                                                                                                      • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00EEB6F4
                                                                                                                                                                                                                                                      • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00EEB772
                                                                                                                                                                                                                                                      • RegDeleteValueW.ADVAPI32(?,?), ref: 00EEB80A
                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 00EEB87E
                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 00EEB89C
                                                                                                                                                                                                                                                      • LoadLibraryA.KERNEL32(advapi32.dll), ref: 00EEB8F2
                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00EEB904
                                                                                                                                                                                                                                                      • RegDeleteKeyW.ADVAPI32(?,?), ref: 00EEB922
                                                                                                                                                                                                                                                      • FreeLibrary.KERNEL32(00000000), ref: 00EEB983
                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(00000000), ref: 00EEB994
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: _wcslen$Close$DeleteLibrary$AddressBuffCharConnectFreeLoadOpenProcRegistryUpperValue
                                                                                                                                                                                                                                                      • String ID: RegDeleteKeyExW$advapi32.dll
                                                                                                                                                                                                                                                      • API String ID: 146587525-4033151799
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • GetDC.USER32(00000000), ref: 00EE25D8
                                                                                                                                                                                                                                                      • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 00EE25E8
                                                                                                                                                                                                                                                      • CreateCompatibleDC.GDI32(?), ref: 00EE25F4
                                                                                                                                                                                                                                                      • SelectObject.GDI32(00000000,?), ref: 00EE2601
                                                                                                                                                                                                                                                      • StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000006,?,?,?,00CC0020), ref: 00EE266D
                                                                                                                                                                                                                                                      • GetDIBits.GDI32(?,?,00000000,00000000,00000000,00000028,00000000), ref: 00EE26AC
                                                                                                                                                                                                                                                      • GetDIBits.GDI32(?,?,00000000,?,00000000,00000028,00000000), ref: 00EE26D0
                                                                                                                                                                                                                                                      • SelectObject.GDI32(?,?), ref: 00EE26D8
                                                                                                                                                                                                                                                      • DeleteObject.GDI32(?), ref: 00EE26E1
                                                                                                                                                                                                                                                      • DeleteDC.GDI32(?), ref: 00EE26E8
                                                                                                                                                                                                                                                      • ReleaseDC.USER32(00000000,?), ref: 00EE26F3
                                                                                                                                                                                                                                                      Strings
Memory Dump Source
• Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
• Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
                                                                                                                                                                                                                                                      • String ID: (
                                                                                                                                                                                                                                                      • API String ID: 2598888154-3887548279
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • ___free_lconv_mon.LIBCMT ref: 00E9DAA1
                                                                                                                                                                                                                                                        • Part of subcall function 00E9D63C: _free.LIBCMT ref: 00E9D659
                                                                                                                                                                                                                                                        • Part of subcall function 00E9D63C: _free.LIBCMT ref: 00E9D66B
                                                                                                                                                                                                                                                        • Part of subcall function 00E9D63C: _free.LIBCMT ref: 00E9D67D
                                                                                                                                                                                                                                                        • Part of subcall function 00E9D63C: _free.LIBCMT ref: 00E9D68F
                                                                                                                                                                                                                                                        • Part of subcall function 00E9D63C: _free.LIBCMT ref: 00E9D6A1
                                                                                                                                                                                                                                                        • Part of subcall function 00E9D63C: _free.LIBCMT ref: 00E9D6B3
                                                                                                                                                                                                                                                        • Part of subcall function 00E9D63C: _free.LIBCMT ref: 00E9D6C5
                                                                                                                                                                                                                                                        • Part of subcall function 00E9D63C: _free.LIBCMT ref: 00E9D6D7
                                                                                                                                                                                                                                                        • Part of subcall function 00E9D63C: _free.LIBCMT ref: 00E9D6E9
                                                                                                                                                                                                                                                        • Part of subcall function 00E9D63C: _free.LIBCMT ref: 00E9D6FB
                                                                                                                                                                                                                                                        • Part of subcall function 00E9D63C: _free.LIBCMT ref: 00E9D70D
                                                                                                                                                                                                                                                        • Part of subcall function 00E9D63C: _free.LIBCMT ref: 00E9D71F
                                                                                                                                                                                                                                                        • Part of subcall function 00E9D63C: _free.LIBCMT ref: 00E9D731
                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00E9DA96
                                                                                                                                                                                                                                                        • Part of subcall function 00E929C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00E9D7D1,00000000,00000000,00000000,00000000,?,00E9D7F8,00000000,00000007,00000000,?,00E9DBF5,00000000), ref: 00E929DE
                                                                                                                                                                                                                                                        • Part of subcall function 00E929C8: GetLastError.KERNEL32(00000000,?,00E9D7D1,00000000,00000000,00000000,00000000,?,00E9D7F8,00000000,00000007,00000000,?,00E9DBF5,00000000,00000000), ref: 00E929F0
                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00E9DAB8
                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00E9DACD
                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00E9DAD8
                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00E9DAFA
                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00E9DB0D
                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00E9DB1B
                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00E9DB26
                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00E9DB5E
                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00E9DB65
                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00E9DB82
                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00E9DB9A
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 161543041-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • GetClassNameW.USER32(?,?,00000100), ref: 00EC369C
                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 00EC36A7
                                                                                                                                                                                                                                                      • SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 00EC3797
                                                                                                                                                                                                                                                      • GetClassNameW.USER32(?,?,00000400), ref: 00EC380C
                                                                                                                                                                                                                                                      • GetDlgCtrlID.USER32(?), ref: 00EC385D
                                                                                                                                                                                                                                                      • GetWindowRect.USER32(?,?), ref: 00EC3882
                                                                                                                                                                                                                                                      • GetParent.USER32(?), ref: 00EC38A0
                                                                                                                                                                                                                                                      • ScreenToClient.USER32(00000000), ref: 00EC38A7
                                                                                                                                                                                                                                                      • GetClassNameW.USER32(?,?,00000100), ref: 00EC3921
                                                                                                                                                                                                                                                      • GetWindowTextW.USER32(?,?,00000400), ref: 00EC395D
                                                                                                                                                                                                                                                      Strings
Similarity
• API ID: ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout_wcslen
• String ID: %s%u
• API String ID: 4010501982-679674701
APIs
• GetClassNameW.USER32(?,?,00000400), ref: 00EC4994
• GetWindowTextW.USER32(?,?,00000400), ref: 00EC49DA
• _wcslen.LIBCMT ref: 00EC49EB
• CharUpperBuffW.USER32(?,00000000), ref: 00EC49F7
• _wcsstr.LIBVCRUNTIME ref: 00EC4A2C
• GetClassNameW.USER32(00000018,?,00000400), ref: 00EC4A64
• GetWindowTextW.USER32(?,?,00000400), ref: 00EC4A9D
• GetClassNameW.USER32(00000018,?,00000400), ref: 00EC4AE6
• GetClassNameW.USER32(?,?,00000400), ref: 00EC4B20
• GetWindowRect.USER32(?,?), ref: 00EC4B8B
Similarity
• API ID: ClassName$Window$Text$BuffCharRectUpper_wcslen_wcsstr
• String ID: ThumbnailClass
• API String ID: 1311036022-1241985126
APIs
• GetMenuItemInfoW.USER32(00F31990,000000FF,00000000,00000030), ref: 00ECBFAC
• SetMenuItemInfoW.USER32(00F31990,00000004,00000000,00000030), ref: 00ECBFE1
• Sleep.KERNEL32(000001F4), ref: 00ECBFF3
• GetMenuItemCount.USER32(?), ref: 00ECC039
• GetMenuItemID.USER32(?,00000000), ref: 00ECC056
• GetMenuItemID.USER32(?,-00000001), ref: 00ECC082
• GetMenuItemID.USER32(?,?), ref: 00ECC0C9
• CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00ECC10F
• GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00ECC124
• SetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00ECC145
Similarity
• API ID: ItemMenu$Info$CheckCountRadioSleep
• String ID: 0
• API String ID: 1460738036-4108050209
APIs
• RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 00EECC64
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?,00000000), ref: 00EECC8D
• FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 00EECD48
  • Part of subcall function 00EECC34: RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 00EECCAA
  • Part of subcall function 00EECC34: LoadLibraryA.KERNEL32(advapi32.dll,?,?,00000000), ref: 00EECCBD
  • Part of subcall function 00EECC34: GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00EECCCF
  • Part of subcall function 00EECC34: FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 00EECD05
  • Part of subcall function 00EECC34: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 00EECD28
• RegDeleteKeyW.ADVAPI32(?,?), ref: 00EECCF3
Similarity
• API ID: Library$EnumFree$AddressCloseDeleteLoadOpenProc
• String ID: RegDeleteKeyExW$advapi32.dll
• API String ID: 2734957052-4033151799
APIs
• GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00ED3D40
• _wcslen.LIBCMT ref: 00ED3D6D
• CreateDirectoryW.KERNEL32(?,00000000), ref: 00ED3D9D
• CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 00ED3DBE
• RemoveDirectoryW.KERNEL32(?), ref: 00ED3DCE
• DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 00ED3E55
• CloseHandle.KERNEL32(00000000), ref: 00ED3E60
• CloseHandle.KERNEL32(00000000), ref: 00ED3E6B
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove_wcslen
                                                                                                                                                                                                                                                      • String ID: :$\$\??\%s
                                                                                                                                                                                                                                                      • API String ID: 1149970189-3457252023
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • timeGetTime.WINMM ref: 00ECE6B4
                                                                                                                                                                                                                                                        • Part of subcall function 00E7E551: timeGetTime.WINMM(?,?,00ECE6D4), ref: 00E7E555
                                                                                                                                                                                                                                                      • Sleep.KERNEL32(0000000A), ref: 00ECE6E1
                                                                                                                                                                                                                                                      • EnumThreadWindows.USER32(?,Function_0006E665,00000000), ref: 00ECE705
                                                                                                                                                                                                                                                      • FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 00ECE727
                                                                                                                                                                                                                                                      • SetActiveWindow.USER32 ref: 00ECE746
                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 00ECE754
                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000010,00000000,00000000), ref: 00ECE773
                                                                                                                                                                                                                                                      • Sleep.KERNEL32(000000FA), ref: 00ECE77E
                                                                                                                                                                                                                                                      • IsWindow.USER32 ref: 00ECE78A
                                                                                                                                                                                                                                                      • EndDialog.USER32(00000000), ref: 00ECE79B
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
                                                                                                                                                                                                                                                      • String ID: BUTTON
                                                                                                                                                                                                                                                      • API String ID: 1194449130-3405671355
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 00E69CB3: _wcslen.LIBCMT ref: 00E69CBD
                                                                                                                                                                                                                                                      • mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 00ECEA5D
                                                                                                                                                                                                                                                      • mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 00ECEA73
                                                                                                                                                                                                                                                      • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00ECEA84
                                                                                                                                                                                                                                                      • mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 00ECEA96
                                                                                                                                                                                                                                                      • mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 00ECEAA7
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: SendString$_wcslen
                                                                                                                                                                                                                                                      • String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
                                                                                                                                                                                                                                                      • API String ID: 2420728520-1007645807
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • GetKeyboardState.USER32(?), ref: 00ECA012
                                                                                                                                                                                                                                                      • SetKeyboardState.USER32(?), ref: 00ECA07D
                                                                                                                                                                                                                                                      • GetAsyncKeyState.USER32(000000A0), ref: 00ECA09D
                                                                                                                                                                                                                                                      • GetKeyState.USER32(000000A0), ref: 00ECA0B4
                                                                                                                                                                                                                                                      • GetAsyncKeyState.USER32(000000A1), ref: 00ECA0E3
                                                                                                                                                                                                                                                      • GetKeyState.USER32(000000A1), ref: 00ECA0F4
                                                                                                                                                                                                                                                      • GetAsyncKeyState.USER32(00000011), ref: 00ECA120
                                                                                                                                                                                                                                                      • GetKeyState.USER32(00000011), ref: 00ECA12E
                                                                                                                                                                                                                                                      • GetAsyncKeyState.USER32(00000012), ref: 00ECA157
                                                                                                                                                                                                                                                      • GetKeyState.USER32(00000012), ref: 00ECA165
                                                                                                                                                                                                                                                      • GetAsyncKeyState.USER32(0000005B), ref: 00ECA18E
                                                                                                                                                                                                                                                      • GetKeyState.USER32(0000005B), ref: 00ECA19C
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: State$Async$Keyboard
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 541375521-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • GetDlgItem.USER32(?,00000001), ref: 00EC5CE2
                                                                                                                                                                                                                                                      • GetWindowRect.USER32(00000000,?), ref: 00EC5CFB
                                                                                                                                                                                                                                                      • MoveWindow.USER32(?,0000000A,00000004,?,?,00000004,00000000), ref: 00EC5D59
                                                                                                                                                                                                                                                      • GetDlgItem.USER32(?,00000002), ref: 00EC5D69
                                                                                                                                                                                                                                                      • GetWindowRect.USER32(00000000,?), ref: 00EC5D7B
                                                                                                                                                                                                                                                      • MoveWindow.USER32(?,?,00000004,00000000,?,00000004,00000000), ref: 00EC5DCF
                                                                                                                                                                                                                                                      • GetDlgItem.USER32(?,000003E9), ref: 00EC5DDD
                                                                                                                                                                                                                                                      • GetWindowRect.USER32(00000000,?), ref: 00EC5DEF
                                                                                                                                                                                                                                                      • MoveWindow.USER32(?,0000000A,00000000,?,00000004,00000000), ref: 00EC5E31
                                                                                                                                                                                                                                                      • GetDlgItem.USER32(?,000003EA), ref: 00EC5E44
                                                                                                                                                                                                                                                      • MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 00EC5E5A
                                                                                                                                                                                                                                                      • InvalidateRect.USER32(?,00000000,00000001), ref: 00EC5E67
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
• Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Window$ItemMoveRect$Invalidate
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3096461208-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 00E78F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00E78BE8,?,00000000,?,?,?,?,00E78BBA,00000000,?), ref: 00E78FC5
                                                                                                                                                                                                                                                      • DestroyWindow.USER32(?), ref: 00E78C81
                                                                                                                                                                                                                                                      • KillTimer.USER32(00000000,?,?,?,?,00E78BBA,00000000,?), ref: 00E78D1B
                                                                                                                                                                                                                                                      • DestroyAcceleratorTable.USER32(00000000), ref: 00EB6973
                                                                                                                                                                                                                                                      • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,00000000,?,?,?,?,00E78BBA,00000000,?), ref: 00EB69A1
                                                                                                                                                                                                                                                      • ImageList_Destroy.COMCTL32(?,?,?,?,?,?,?,00000000,?,?,?,?,00E78BBA,00000000,?), ref: 00EB69B8
                                                                                                                                                                                                                                                      • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00E78BBA,00000000), ref: 00EB69D4
                                                                                                                                                                                                                                                      • DeleteObject.GDI32(00000000), ref: 00EB69E6
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 641708696-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 00E79944: GetWindowLongW.USER32(?,000000EB), ref: 00E79952
                                                                                                                                                                                                                                                      • GetSysColor.USER32(0000000F), ref: 00E79862
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: ColorLongWindow
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 259745315-0
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                      • String ID: .
                                                                                                                                                                                                                                                      • API String ID: 0-3963672497
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000001,00000000,?,?,00EAF7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?), ref: 00EC9717
                                                                                                                                                                                                                                                      • LoadStringW.USER32(00000000,?,00EAF7F8,00000001), ref: 00EC9720
                                                                                                                                                                                                                                                        • Part of subcall function 00E69CB3: _wcslen.LIBCMT ref: 00E69CBD
                                                                                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(00000000,00000001,?,00000FFF,?,?,00EAF7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?,00000000), ref: 00EC9742
                                                                                                                                                                                                                                                      • LoadStringW.USER32(00000000,?,00EAF7F8,00000001), ref: 00EC9745
                                                                                                                                                                                                                                                      • MessageBoxW.USER32(00000000,00000000,?,00011010), ref: 00EC9866
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
• Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: HandleLoadModuleString$Message_wcslen
                                                                                                                                                                                                                                                      • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
                                                                                                                                                                                                                                                      • API String ID: 747408836-2268648507
                                                                                                                                                                                                                                                      • Opcode ID: 5b3a96c41fbfa9e1942c5cb95170991dbe563f9b51db78d055b32adbb790865b
                                                                                                                                                                                                                                                      • Instruction ID: af40483280b38a0c6457d33088a8bc56a949b635cd98f6bfc0a93318b8967a1b
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5b3a96c41fbfa9e1942c5cb95170991dbe563f9b51db78d055b32adbb790865b
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5B413072840119AACB04FBE0EE46EEEB7BCAF55340F202065F50573192EB356F49DB61
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 00E66B57: _wcslen.LIBCMT ref: 00E66B6A
                                                                                                                                                                                                                                                      • WNetAddConnection2W.MPR(?,?,?,00000000), ref: 00EC07A2
                                                                                                                                                                                                                                                      • RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 00EC07BE
                                                                                                                                                                                                                                                      • RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 00EC07DA
                                                                                                                                                                                                                                                      • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 00EC0804
                                                                                                                                                                                                                                                      • CLSIDFromString.OLE32(?,000001FE,?,SOFTWARE\Classes\), ref: 00EC082C
                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00EC0837
                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00EC083C
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_wcslen
                                                                                                                                                                                                                                                      • String ID: SOFTWARE\Classes\$\CLSID$\IPC$
                                                                                                                                                                                                                                                      • API String ID: 323675364-22481851
                                                                                                                                                                                                                                                      • Opcode ID: 035bec7890b90699452ec4382e16e9f79fa4154e302e7d11bb8b357e1cfdb54b
                                                                                                                                                                                                                                                      • Instruction ID: 4183efefb3b46b6626217af8514d86f50075ac519c2202e48e092205682bc259
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 035bec7890b90699452ec4382e16e9f79fa4154e302e7d11bb8b357e1cfdb54b
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 42412872C50229EFDF15EBA4ED85DEDB7B8BF44790B145129E901B3161EB309E05CBA0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • MoveWindow.USER32(?,?,?,000000FF,000000FF,00000000,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?), ref: 00EF403B
                                                                                                                                                                                                                                                      • CreateCompatibleDC.GDI32(00000000), ref: 00EF4042
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000173,00000000,00000000), ref: 00EF4055
                                                                                                                                                                                                                                                      • SelectObject.GDI32(00000000,00000000), ref: 00EF405D
                                                                                                                                                                                                                                                      • GetPixel.GDI32(00000000,00000000,00000000), ref: 00EF4068
                                                                                                                                                                                                                                                      • DeleteDC.GDI32(00000000), ref: 00EF4072
                                                                                                                                                                                                                                                      • GetWindowLongW.USER32(?,000000EC), ref: 00EF407C
                                                                                                                                                                                                                                                      • SetLayeredWindowAttributes.USER32(?,?,00000000,00000001,?,00000000,?), ref: 00EF4092
                                                                                                                                                                                                                                                      • DestroyWindow.USER32(?,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?,?,00000000,00000000,?), ref: 00EF409E
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Window$AttributesCompatibleCreateDeleteDestroyLayeredLongMessageMoveObjectPixelSelectSend
                                                                                                                                                                                                                                                      • String ID: static
                                                                                                                                                                                                                                                      • API String ID: 2559357485-2160076837
                                                                                                                                                                                                                                                      • Opcode ID: a5436019918d4680be60236c06fdbd498459fc4520e43ce928cd542188bdcae3
                                                                                                                                                                                                                                                      • Instruction ID: 6ecd015e197890d446d383f1a2b15fe77506e167cdb60a309649e732db945c29
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a5436019918d4680be60236c06fdbd498459fc4520e43ce928cd542188bdcae3
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3D315872101219AFDF229FA5CD08FEA3BA9EF4D724F211211FA14B61A0CB35D824DB50
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • VariantInit.OLEAUT32(?), ref: 00EE3C5C
                                                                                                                                                                                                                                                      • CoInitialize.OLE32(00000000), ref: 00EE3C8A
                                                                                                                                                                                                                                                      • CoUninitialize.OLE32 ref: 00EE3C94
                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 00EE3D2D
                                                                                                                                                                                                                                                      • GetRunningObjectTable.OLE32(00000000,?), ref: 00EE3DB1
                                                                                                                                                                                                                                                      • SetErrorMode.KERNEL32(00000001,00000029), ref: 00EE3ED5
                                                                                                                                                                                                                                                      • CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,?), ref: 00EE3F0E
                                                                                                                                                                                                                                                      • CoGetObject.OLE32(?,00000000,00EFFB98,?), ref: 00EE3F2D
                                                                                                                                                                                                                                                      • SetErrorMode.KERNEL32(00000000), ref: 00EE3F40
                                                                                                                                                                                                                                                      • SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00EE3FC4
                                                                                                                                                                                                                                                      • VariantClear.OLEAUT32(?), ref: 00EE3FD8
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize_wcslen
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 429561992-0
                                                                                                                                                                                                                                                      • Opcode ID: 86ec6f53db09face6387c4531e85272c1e1e67b510b3fd449a40b7de2e48e3ee
                                                                                                                                                                                                                                                      • Instruction ID: 832d6c50ccd17dbb2e4af3583787e727c7abe6c8a6abc58a9efe5627cc8b123b
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 86ec6f53db09face6387c4531e85272c1e1e67b510b3fd449a40b7de2e48e3ee
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6FC168716083499FC700DF69C88896BB7E9FF89748F10591DF98AAB221D731EE05CB52
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • CoInitialize.OLE32(00000000), ref: 00ED7AF3
                                                                                                                                                                                                                                                      • SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 00ED7B8F
                                                                                                                                                                                                                                                      • SHGetDesktopFolder.SHELL32(?), ref: 00ED7BA3
                                                                                                                                                                                                                                                      • CoCreateInstance.OLE32(00EFFD08,00000000,00000001,00F26E6C,?), ref: 00ED7BEF
                                                                                                                                                                                                                                                      • SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 00ED7C74
                                                                                                                                                                                                                                                      • CoTaskMemFree.OLE32(?,?), ref: 00ED7CCC
                                                                                                                                                                                                                                                      • SHBrowseForFolderW.SHELL32(?), ref: 00ED7D57
                                                                                                                                                                                                                                                      • SHGetPathFromIDListW.SHELL32(00000000,?), ref: 00ED7D7A
                                                                                                                                                                                                                                                      • CoTaskMemFree.OLE32(00000000), ref: 00ED7D81
                                                                                                                                                                                                                                                      • CoTaskMemFree.OLE32(00000000), ref: 00ED7DD6
                                                                                                                                                                                                                                                      • CoUninitialize.OLE32 ref: 00ED7DDC
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 2762341140-0
                                                                                                                                                                                                                                                      • Opcode ID: 243b37ca0637cbd81271d7f0aa0258484ba8e3f354103e9daf6f5e11992cfec6
                                                                                                                                                                                                                                                      • Instruction ID: d82a4a10321511ab51e71eadfc1a8c54859bb43da9613c11a4fae82cf3a3d505
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 243b37ca0637cbd81271d7f0aa0258484ba8e3f354103e9daf6f5e11992cfec6
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 87C13C75A04109AFCB14DF64C884DAEBBF9FF48344B149499E85AEB361D730ED46CB90
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 00EF5504
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00EF5515
                                                                                                                                                                                                                                                      • CharNextW.USER32(00000158), ref: 00EF5544
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 00EF5585
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 00EF559B
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00EF55AC
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: MessageSend$CharNext
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 1350042424-0
                                                                                                                                                                                                                                                      • Opcode ID: e31f380583eef441348c7b4e6dc85dd205020a0f294c3920875ad5a9b8fd8d7f
                                                                                                                                                                                                                                                      • Instruction ID: 7ee7dac894986a0d168008a6adf055ba8effc6d1116e4fd9a54e99d88e7741f8
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e31f380583eef441348c7b4e6dc85dd205020a0f294c3920875ad5a9b8fd8d7f
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B761BE3290460CEFDF108F50CC84AFE7BB9EB55724F209049FB25B6290D7708A84DB61
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 00EBFAAF
                                                                                                                                                                                                                                                      • SafeArrayAllocData.OLEAUT32(?), ref: 00EBFB08
                                                                                                                                                                                                                                                      • VariantInit.OLEAUT32(?), ref: 00EBFB1A
                                                                                                                                                                                                                                                      • SafeArrayAccessData.OLEAUT32(?,?), ref: 00EBFB3A
                                                                                                                                                                                                                                                      • VariantCopy.OLEAUT32(?,?), ref: 00EBFB8D
                                                                                                                                                                                                                                                      • SafeArrayUnaccessData.OLEAUT32(?), ref: 00EBFBA1
                                                                                                                                                                                                                                                      • VariantClear.OLEAUT32(?), ref: 00EBFBB6
                                                                                                                                                                                                                                                      • SafeArrayDestroyData.OLEAUT32(?), ref: 00EBFBC3
                                                                                                                                                                                                                                                      • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00EBFBCC
                                                                                                                                                                                                                                                      • VariantClear.OLEAUT32(?), ref: 00EBFBDE
                                                                                                                                                                                                                                                      • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00EBFBE9
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 2706829360-0
                                                                                                                                                                                                                                                      • Opcode ID: bc99c58073ea3494540a393c839781a0b8021835bc3e60eaaae621ed9dc2ffb0
                                                                                                                                                                                                                                                      • Instruction ID: 5a739e5f045a45d80c8e66066a18e2b6b349936268678068e4a56b52b29e52d5
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: bc99c58073ea3494540a393c839781a0b8021835bc3e60eaaae621ed9dc2ffb0
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 58413E35A002199FCB04DF65DCA49FEBBB9EF48344F209469E955B7261CB30A945CBA0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • GetKeyboardState.USER32(?), ref: 00EC9CA1
                                                                                                                                                                                                                                                      • GetAsyncKeyState.USER32(000000A0), ref: 00EC9D22
                                                                                                                                                                                                                                                      • GetKeyState.USER32(000000A0), ref: 00EC9D3D
                                                                                                                                                                                                                                                      • GetAsyncKeyState.USER32(000000A1), ref: 00EC9D57
                                                                                                                                                                                                                                                      • GetKeyState.USER32(000000A1), ref: 00EC9D6C
                                                                                                                                                                                                                                                      • GetAsyncKeyState.USER32(00000011), ref: 00EC9D84
                                                                                                                                                                                                                                                      • GetKeyState.USER32(00000011), ref: 00EC9D96
                                                                                                                                                                                                                                                      • GetAsyncKeyState.USER32(00000012), ref: 00EC9DAE
                                                                                                                                                                                                                                                      • GetKeyState.USER32(00000012), ref: 00EC9DC0
                                                                                                                                                                                                                                                      • GetAsyncKeyState.USER32(0000005B), ref: 00EC9DD8
                                                                                                                                                                                                                                                      • GetKeyState.USER32(0000005B), ref: 00EC9DEA
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
Similarity
• API ID: State$Async$Keyboard
• String ID:
APIs
• WSAStartup.WSOCK32(00000101,?), ref: 00EE05BC
• inet_addr.WSOCK32(?), ref: 00EE061C
• gethostbyname.WSOCK32(?), ref: 00EE0628
• IcmpCreateFile.IPHLPAPI ref: 00EE0636
• IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 00EE06C6
• IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 00EE06E5
• IcmpCloseHandle.IPHLPAPI(?), ref: 00EE07B9
• WSACleanup.WSOCK32 ref: 00EE07BF
Strings
Memory Dump Source
• Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
• Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e60000_file.jbxd
Similarity
• API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
• String ID: Ping
APIs
Strings
Similarity
• API ID: _wcslen$BuffCharLower
• String ID: cdecl$none$stdcall$winapi
APIs
• CoInitialize.OLE32 ref: 00EE3774
• CoUninitialize.OLE32 ref: 00EE377F
• CoCreateInstance.OLE32(?,00000000,00000017,00EFFB78,?), ref: 00EE37D9
• IIDFromString.OLE32(?,?), ref: 00EE384C
• VariantInit.OLEAUT32(?), ref: 00EE38E4
• VariantClear.OLEAUT32(?), ref: 00EE3936
Strings
Similarity
• API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
• String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
APIs
• LoadStringW.USER32(00000066,?,00000FFF,?), ref: 00ED33CF
  • Part of subcall function 00E69CB3: _wcslen.LIBCMT ref: 00E69CBD
• LoadStringW.USER32(00000072,?,00000FFF,?), ref: 00ED33F0
Strings
Similarity
• API ID: LoadString$_wcslen
• String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Incorrect parameters to object property !$Line %d (File "%s"):$^ ERROR
APIs
Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
• Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: _wcslen$BuffCharUpper
                                                                                                                                                                                                                                                      • String ID: APPEND$EXISTS$KEYS$REMOVE
                                                                                                                                                                                                                                                      • API String ID: 1256254125-769500911
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • SetErrorMode.KERNEL32(00000001), ref: 00ED53A0
                                                                                                                                                                                                                                                      • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 00ED5416
                                                                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 00ED5420
                                                                                                                                                                                                                                                      • SetErrorMode.KERNEL32(00000000,READY), ref: 00ED54A7
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Error$Mode$DiskFreeLastSpace
                                                                                                                                                                                                                                                      • String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
                                                                                                                                                                                                                                                      • API String ID: 4194297153-14809454
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • CreateMenu.USER32 ref: 00EF3C79
                                                                                                                                                                                                                                                      • SetMenu.USER32(?,00000000), ref: 00EF3C88
                                                                                                                                                                                                                                                      • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00EF3D10
                                                                                                                                                                                                                                                      • IsMenu.USER32(?), ref: 00EF3D24
                                                                                                                                                                                                                                                      • CreatePopupMenu.USER32 ref: 00EF3D2E
                                                                                                                                                                                                                                                      • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00EF3D5B
                                                                                                                                                                                                                                                      • DrawMenuBar.USER32 ref: 00EF3D63
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Menu$CreateItem$DrawInfoInsertPopup
                                                                                                                                                                                                                                                      • String ID: 0$F
                                                                                                                                                                                                                                                      • API String ID: 161812096-3044882817
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 00E69CB3: _wcslen.LIBCMT ref: 00E69CBD
                                                                                                                                                                                                                                                        • Part of subcall function 00EC3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00EC3CCA
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000018C,000000FF,00020000), ref: 00EC1F64
                                                                                                                                                                                                                                                      • GetDlgCtrlID.USER32 ref: 00EC1F6F
                                                                                                                                                                                                                                                      • GetParent.USER32 ref: 00EC1F8B
                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,?,00000111,?), ref: 00EC1F8E
                                                                                                                                                                                                                                                      • GetDlgCtrlID.USER32(?), ref: 00EC1F97
                                                                                                                                                                                                                                                      • GetParent.USER32(?), ref: 00EC1FAB
                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,?,00000111,?), ref: 00EC1FAE
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: MessageSend$CtrlParent$ClassName_wcslen
                                                                                                                                                                                                                                                      • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                      • API String ID: 711023334-1403004172
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 00E69CB3: _wcslen.LIBCMT ref: 00E69CBD
                                                                                                                                                                                                                                                        • Part of subcall function 00EC3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00EC3CCA
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000186,00020000,00000000), ref: 00EC2043
                                                                                                                                                                                                                                                      • GetDlgCtrlID.USER32 ref: 00EC204E
                                                                                                                                                                                                                                                      • GetParent.USER32 ref: 00EC206A
                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,?,00000111,?), ref: 00EC206D
                                                                                                                                                                                                                                                      • GetDlgCtrlID.USER32(?), ref: 00EC2076
                                                                                                                                                                                                                                                      • GetParent.USER32(?), ref: 00EC208A
                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,?,00000111,?), ref: 00EC208D
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
• Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: MessageSend$CtrlParent$ClassName_wcslen
                                                                                                                                                                                                                                                      • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                      • API String ID: 711023334-1403004172
                                                                                                                                                                                                                                                      • Opcode ID: cbcca3a0977cee82e6eac82eaffd0b6f8345dbd6dcf2beb62a4fa07778bc93ab
                                                                                                                                                                                                                                                      • Instruction ID: 58359050da497715c5deb60856eb321207ecb3e02801372b2c837afc26381466
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: cbcca3a0977cee82e6eac82eaffd0b6f8345dbd6dcf2beb62a4fa07778bc93ab
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5921F671900218BFCF14AFA0DD45EFEBBB8EF15340F20500AF951B71A1DA768919DB61
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00EF3A9D
                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00EF3AA0
                                                                                                                                                                                                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 00EF3AC7
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00EF3AEA
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00EF3B62
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001074,00000000,00000007), ref: 00EF3BAC
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001057,00000000,00000000), ref: 00EF3BC7
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000101D,00001004,00000000), ref: 00EF3BE2
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000101E,00001004,00000000), ref: 00EF3BF6
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001008,00000000,00000007), ref: 00EF3C13
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
• Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: MessageSend$LongWindow
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 312131281-0
                                                                                                                                                                                                                                                      • Opcode ID: d0708dffe0a8b3927f4e914ab86e0b059e9a33fece27bc2d0cbddf80fc74ade4
                                                                                                                                                                                                                                                      • Instruction ID: a7ce7fd5bc44748250730113ba63a82060c113f58d35810ece035492f1a43d8e
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d0708dffe0a8b3927f4e914ab86e0b059e9a33fece27bc2d0cbddf80fc74ade4
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C8615A75900248AFDB10DFA8CC81EFEB7F8EB49714F104199FA15A72A1D770AE45DB60
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 00ECB151
                                                                                                                                                                                                                                                      • GetForegroundWindow.USER32(00000000,?,?,?,?,?,00ECA1E1,?,00000001), ref: 00ECB165
                                                                                                                                                                                                                                                      • GetWindowThreadProcessId.USER32(00000000), ref: 00ECB16C
                                                                                                                                                                                                                                                      • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00ECA1E1,?,00000001), ref: 00ECB17B
                                                                                                                                                                                                                                                      • GetWindowThreadProcessId.USER32(?,00000000), ref: 00ECB18D
                                                                                                                                                                                                                                                      • AttachThreadInput.USER32(?,00000000,00000001,?,?,?,?,?,00ECA1E1,?,00000001), ref: 00ECB1A6
                                                                                                                                                                                                                                                      • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00ECA1E1,?,00000001), ref: 00ECB1B8
                                                                                                                                                                                                                                                      • AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,00ECA1E1,?,00000001), ref: 00ECB1FD
                                                                                                                                                                                                                                                      • AttachThreadInput.USER32(?,?,00000000,?,?,?,?,?,00ECA1E1,?,00000001), ref: 00ECB212
                                                                                                                                                                                                                                                      • AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,00ECA1E1,?,00000001), ref: 00ECB21D
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
• Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Thread$AttachInput$Window$Process$CurrentForeground
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 2156557900-0
                                                                                                                                                                                                                                                      • Opcode ID: 7d49741ab55256523800a90cc1890af0d7ac9e78cd38941f9a4ddeea9f39345e
                                                                                                                                                                                                                                                      • Instruction ID: c5c983f5d40b955eca88bc6aad81df10ef886590b6299d3bbc995835098f4381
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7d49741ab55256523800a90cc1890af0d7ac9e78cd38941f9a4ddeea9f39345e
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5931A0B1500208AFDB24DF25DE4AF7D7BAABB51329F205009F901E61A0D7B59E41DF60
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00E92C94
                                                                                                                                                                                                                                                        • Part of subcall function 00E929C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00E9D7D1,00000000,00000000,00000000,00000000,?,00E9D7F8,00000000,00000007,00000000,?,00E9DBF5,00000000), ref: 00E929DE
                                                                                                                                                                                                                                                        • Part of subcall function 00E929C8: GetLastError.KERNEL32(00000000,?,00E9D7D1,00000000,00000000,00000000,00000000,?,00E9D7F8,00000000,00000007,00000000,?,00E9DBF5,00000000,00000000), ref: 00E929F0
                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00E92CA0
                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00E92CAB
                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00E92CB6
                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00E92CC1
                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00E92CCC
                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00E92CD7
                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00E92CE2
                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00E92CED
                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00E92CFB
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
• Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 776569668-0
                                                                                                                                                                                                                                                      • Opcode ID: 4eabae7e7e4fa110150639090299747e8efd49d5a8781fee7514f3365264ce68
                                                                                                                                                                                                                                                      • Instruction ID: b39173dc6a7cf45f9b3be3d9f47a470a6d620c0f302f9a30ab48ea8ad5a12014
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4eabae7e7e4fa110150639090299747e8efd49d5a8781fee7514f3365264ce68
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: BB117276500108BFCF02EF94D982CDD3BA9FF45350F9155A9FA48AF222DA31EE509B90
APIs
• GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00ED7FAD
• SetCurrentDirectoryW.KERNEL32(?), ref: 00ED7FC1
• GetFileAttributesW.KERNEL32(?), ref: 00ED7FEB
• SetFileAttributesW.KERNEL32(?,00000000), ref: 00ED8005
• SetCurrentDirectoryW.KERNEL32(?), ref: 00ED8017
• SetCurrentDirectoryW.KERNEL32(?), ref: 00ED8060
• SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 00ED80B0
Strings
Memory Dump Source
• Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
• Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e60000_file.jbxd
Similarity
• API ID: CurrentDirectory$AttributesFile
• String ID: *.*
• API String ID: 769691225-438819550
APIs
• SetWindowLongW.USER32(?,000000EB), ref: 00E65C7A
  • Part of subcall function 00E65D0A: GetClientRect.USER32(?,?), ref: 00E65D30
  • Part of subcall function 00E65D0A: GetWindowRect.USER32(?,?), ref: 00E65D71
  • Part of subcall function 00E65D0A: ScreenToClient.USER32(?,?), ref: 00E65D99
• GetDC.USER32 ref: 00EA46F5
• SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00EA4708
• SelectObject.GDI32(00000000,00000000), ref: 00EA4716
• SelectObject.GDI32(00000000,00000000), ref: 00EA472B
• ReleaseDC.USER32(?,00000000), ref: 00EA4733
• MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 00EA47C4
Strings
Memory Dump Source
• Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
• Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e60000_file.jbxd
Similarity
• API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
• String ID: U
• API String ID: 4009187628-3372436214
APIs
• LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 00ED35E4
  • Part of subcall function 00E69CB3: _wcslen.LIBCMT ref: 00E69CBD
• LoadStringW.USER32(00F32390,?,00000FFF,?), ref: 00ED360A
Strings
Memory Dump Source
• Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
• Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e60000_file.jbxd
Similarity
• API ID: LoadString$_wcslen
• String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
• API String ID: 4099089115-2391861430
APIs
• InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00EDC272
• HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00EDC29A
• HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 00EDC2CA
• GetLastError.KERNEL32 ref: 00EDC322
• SetEvent.KERNEL32(?), ref: 00EDC336
• InternetCloseHandle.WININET(00000000), ref: 00EDC341
Strings
Memory Dump Source
• Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
• Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e60000_file.jbxd
Similarity
• API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
• String ID:
• API String ID: 3113390036-3916222277
APIs
• GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,00EA3AAF,?,?,Bad directive syntax error,00EFCC08,00000000,00000010,?,?,>>>AUTOIT SCRIPT<<<), ref: 00EC98BC
• LoadStringW.USER32(00000000,?,00EA3AAF,?), ref: 00EC98C3
  • Part of subcall function 00E69CB3: _wcslen.LIBCMT ref: 00E69CBD
• MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 00EC9987
Strings
Memory Dump Source
• Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: HandleLoadMessageModuleString_wcslen
                                                                                                                                                                                                                                                      • String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
                                                                                                                                                                                                                                                      • API String ID: 858772685-4153970271
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • GetParent.USER32 ref: 00EC20AB
                                                                                                                                                                                                                                                      • GetClassNameW.USER32(00000000,?,00000100), ref: 00EC20C0
                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 00EC214D
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: ClassMessageNameParentSend
                                                                                                                                                                                                                                                      • String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
                                                                                                                                                                                                                                                      • API String ID: 1290815626-3381328864
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: _free$EnvironmentVariable___from_strstr_to_strchr
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 1282221369-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00002001,00000000,00000000), ref: 00EF5186
                                                                                                                                                                                                                                                      • ShowWindow.USER32(?,00000000), ref: 00EF51C7
                                                                                                                                                                                                                                                      • ShowWindow.USER32(?,00000005,?,00000000), ref: 00EF51CD
                                                                                                                                                                                                                                                      • SetFocus.USER32(?,?,00000005,?,00000000), ref: 00EF51D1
                                                                                                                                                                                                                                                        • Part of subcall function 00EF6FBA: DeleteObject.GDI32(00000000), ref: 00EF6FE6
                                                                                                                                                                                                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 00EF520D
                                                                                                                                                                                                                                                      • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00EF521A
                                                                                                                                                                                                                                                      • InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 00EF524D
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001001,00000000,000000FE), ref: 00EF5287
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001026,00000000,000000FE), ref: 00EF5296
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Window$MessageSend$LongShow$DeleteFocusInvalidateObjectRect
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3210457359-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • LoadImageW.USER32(00000000,?,?,00000010,00000010,00000010), ref: 00EB6890
                                                                                                                                                                                                                                                      • ExtractIconExW.SHELL32(?,?,00000000,00000000,00000001), ref: 00EB68A9
                                                                                                                                                                                                                                                      • LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 00EB68B9
                                                                                                                                                                                                                                                      • ExtractIconExW.SHELL32(?,?,?,00000000,00000001), ref: 00EB68D1
• SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 00EB68F2
• DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00E78874,00000000,00000000,00000000,000000FF,00000000), ref: 00EB6901
• SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 00EB691E
• DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00E78874,00000000,00000000,00000000,000000FF,00000000), ref: 00EB692D
Memory Dump Source
• Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
• Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e60000_file.jbxd
Similarity
• API ID: Icon$DestroyExtractImageLoadMessageSend
• String ID:
• API String ID: 1268354404-0
• Opcode ID: 8adc81a9f172bf1ddf5329e679b8bdc5e3b941c6b3d270b1c1d17e12dba6e489
• Instruction ID: 05172463764e742ec7e5c4563b915b65496285703c3dd4235471530ae809a378
• Opcode Fuzzy Hash: 8adc81a9f172bf1ddf5329e679b8bdc5e3b941c6b3d270b1c1d17e12dba6e489
• Instruction Fuzzy Hash: 3751BC74600209EFDB20CF25CD55FAA7BB5FF98764F209518F90AA72A0DB70E950DB40
APIs
• InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00EDC182
• GetLastError.KERNEL32 ref: 00EDC195
• SetEvent.KERNEL32(?), ref: 00EDC1A9
  • Part of subcall function 00EDC253: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00EDC272
  • Part of subcall function 00EDC253: GetLastError.KERNEL32 ref: 00EDC322
  • Part of subcall function 00EDC253: SetEvent.KERNEL32(?), ref: 00EDC336
  • Part of subcall function 00EDC253: InternetCloseHandle.WININET(00000000), ref: 00EDC341
Memory Dump Source
• Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
• Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e60000_file.jbxd
Similarity
• API ID: Internet$ErrorEventLast$CloseConnectHandleOpen
• String ID:
• API String ID: 337547030-0
• Opcode ID: ca1742675156ff5ceba820cca9e21467021e929d0454e647eb6314446ca31d01
• Instruction ID: d1ac295deeead0a9b2ff85bcfd127c4a22f2ce8ecd1d4fb5656cbdd1ec1ef7e6
• Opcode Fuzzy Hash: ca1742675156ff5ceba820cca9e21467021e929d0454e647eb6314446ca31d01
• Instruction Fuzzy Hash: CC31A071201A06AFDB219FB5DD44AB6BBF8FF58384B30541EF956A2720D730E816DB60
APIs
  • Part of subcall function 00EC3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00EC3A57
  • Part of subcall function 00EC3A3D: GetCurrentThreadId.KERNEL32 ref: 00EC3A5E
  • Part of subcall function 00EC3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00EC25B3), ref: 00EC3A65
• MapVirtualKeyW.USER32(00000025,00000000), ref: 00EC25BD
• PostMessageW.USER32(?,00000100,00000025,00000000), ref: 00EC25DB
• Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 00EC25DF
• MapVirtualKeyW.USER32(00000025,00000000), ref: 00EC25E9
• PostMessageW.USER32(?,00000100,00000027,00000000), ref: 00EC2601
• Sleep.KERNEL32(00000000,?,00000100,00000027,00000000), ref: 00EC2605
• MapVirtualKeyW.USER32(00000025,00000000), ref: 00EC260F
• PostMessageW.USER32(?,00000101,00000027,00000000), ref: 00EC2623
• Sleep.KERNEL32(00000000,?,00000101,00000027,00000000,?,00000100,00000027,00000000), ref: 00EC2627
Memory Dump Source
• Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
• Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e60000_file.jbxd
Similarity
• API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
• String ID:
• API String ID: 2014098862-0
• Opcode ID: cd7e3a21ec67723eccd1c5ed814e11a2cbee7ceabf42f8e29df171ae716a42a7
• Instruction ID: 34ce8476cd8e9c07fddf6c778e740af58c91c8c6972bed9dfccdde2c61b17304
• Opcode Fuzzy Hash: cd7e3a21ec67723eccd1c5ed814e11a2cbee7ceabf42f8e29df171ae716a42a7
• Instruction Fuzzy Hash: BC01D830394214BBFB1067699C8AF697FA9DF8EB11F701005F314BE1D1C9F25459CA6A
APIs
• GetProcessHeap.KERNEL32(00000008,0000000C,?,00000000,?,00EC1449,?,?,00000000), ref: 00EC180C
• HeapAlloc.KERNEL32(00000000,?,00EC1449,?,?,00000000), ref: 00EC1813
• GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00EC1449,?,?,00000000), ref: 00EC1828
• GetCurrentProcess.KERNEL32(?,00000000,?,00EC1449,?,?,00000000), ref: 00EC1830
• DuplicateHandle.KERNEL32(00000000,?,00EC1449,?,?,00000000), ref: 00EC1833
• GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00EC1449,?,?,00000000), ref: 00EC1843
• GetCurrentProcess.KERNEL32(00EC1449,00000000,?,00EC1449,?,?,00000000), ref: 00EC184B
• DuplicateHandle.KERNEL32(00000000,?,00EC1449,?,?,00000000), ref: 00EC184E
• CreateThread.KERNEL32(00000000,00000000,00EC1874,00000000,00000000,00000000), ref: 00EC1868
Memory Dump Source
• Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
• Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e60000_file.jbxd
Similarity
• API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
• String ID:
• API String ID: 1957940570-0
• Opcode ID: 2d214299d5cfad202b52f48b9a3e3fb451b90111d0f5a709dca0c0f038d52f29
• Instruction ID: dffa5d2f6aef0419b2b1a3f4dd0eb75961c520ecd22645cab2857f3a5201e102
• Opcode Fuzzy Hash: 2d214299d5cfad202b52f48b9a3e3fb451b90111d0f5a709dca0c0f038d52f29
• Instruction Fuzzy Hash: 4A01C275241308BFE710AF75DD4DF673B6CEB89B11F604451FA05EB192C6719814DB60
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: __alldvrm$_strrchr
                                                                                                                                                                                                                                                      • String ID: }}$}}$}}
                                                                                                                                                                                                                                                      • API String ID: 1036877536-1495402609
                                                                                                                                                                                                                                                      • Opcode ID: 190bec492484a18a97fe5f025dcdb3e473ceac46589bc02d4dbe4f94f5be8f6e
                                                                                                                                                                                                                                                      • Instruction ID: bfe25145c75e5eaa18489f7f81ec8506ae5037b3839af7528ab921ed679d6ee0
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 190bec492484a18a97fe5f025dcdb3e473ceac46589bc02d4dbe4f94f5be8f6e
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CEA167B2E003869FDF25CF28C881BEEBBE5EF65354F1451ADE585BB281C2349982C751
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 00ECD4DC: CreateToolhelp32Snapshot.KERNEL32 ref: 00ECD501
                                                                                                                                                                                                                                                        • Part of subcall function 00ECD4DC: Process32FirstW.KERNEL32(00000000,?), ref: 00ECD50F
                                                                                                                                                                                                                                                        • Part of subcall function 00ECD4DC: CloseHandle.KERNELBASE(00000000), ref: 00ECD5DC
                                                                                                                                                                                                                                                      • OpenProcess.KERNEL32(00000001,00000000,?), ref: 00EEA16D
                                                                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 00EEA180
                                                                                                                                                                                                                                                      • OpenProcess.KERNEL32(00000001,00000000,?), ref: 00EEA1B3
                                                                                                                                                                                                                                                      • TerminateProcess.KERNEL32(00000000,00000000), ref: 00EEA268
                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(00000000), ref: 00EEA273
                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 00EEA2C4
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
                                                                                                                                                                                                                                                      • String ID: SeDebugPrivilege
                                                                                                                                                                                                                                                      • API String ID: 2533919879-2896544425
                                                                                                                                                                                                                                                      • Opcode ID: 937924ab0aa756a7cce3a35a172e9505fbc083380c6d348c62eef262b258516d
                                                                                                                                                                                                                                                      • Instruction ID: 5c0754c90cdf511407b0c6b1563357fe2ea904e380170711d4222a44fcc092a5
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 937924ab0aa756a7cce3a35a172e9505fbc083380c6d348c62eef262b258516d
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8661BE702052829FD710DF16C494F25BBE1AF44318F28949CE566AB7A3C772FC49CB92
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 00EF3925
                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00001036,00000000,?), ref: 00EF393A
                                                                                                                                                                                                                                                      • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 00EF3954
                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 00EF3999
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001057,00000000,?), ref: 00EF39C6
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001061,?,0000000F), ref: 00EF39F4
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: MessageSend$Window_wcslen
                                                                                                                                                                                                                                                      • String ID: SysListView32
                                                                                                                                                                                                                                                      • API String ID: 2147712094-78025650
                                                                                                                                                                                                                                                      • Opcode ID: afe0000e2d906ab0b391a97127369cecde7f9ec2052ca8e2b351cd395a4f92c5
                                                                                                                                                                                                                                                      • Instruction ID: 6adfe5ec6962de130669e661a77559fb457e68b310b07b8dc5ef4884d06826bb
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: afe0000e2d906ab0b391a97127369cecde7f9ec2052ca8e2b351cd395a4f92c5
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C541B271A0021DABDF219F64CC45BFA77A9EF48354F201526FA58F7281D7B1D984CB90
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00ECBCFD
                                                                                                                                                                                                                                                      • IsMenu.USER32(00000000), ref: 00ECBD1D
                                                                                                                                                                                                                                                      • CreatePopupMenu.USER32 ref: 00ECBD53
                                                                                                                                                                                                                                                      • GetMenuItemCount.USER32(01045590), ref: 00ECBDA4
                                                                                                                                                                                                                                                      • InsertMenuItemW.USER32(01045590,?,00000001,00000030), ref: 00ECBDCC
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Menu$Item$CountCreateInfoInsertPopup
                                                                                                                                                                                                                                                      • String ID: 0$2
                                                                                                                                                                                                                                                      • API String ID: 93392585-3793063076
                                                                                                                                                                                                                                                      • Opcode ID: ba7c9d3df044c409a63c9b814c0e3706a66adbecd64f245c6e9d9269e2d38480
                                                                                                                                                                                                                                                      • Instruction ID: fd4852b427ff14d8685897f0963d6f0882615b33a12f1cc849fca79db201157d
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ba7c9d3df044c409a63c9b814c0e3706a66adbecd64f245c6e9d9269e2d38480
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2651AE70A003099BDB10CFA9DA86FAEBFF8AF85318F24515DE402F7290D7729946CB51
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • _ValidateLocalCookies.LIBCMT ref: 00E82D4B
                                                                                                                                                                                                                                                      • ___except_validate_context_record.LIBVCRUNTIME ref: 00E82D53
                                                                                                                                                                                                                                                      • _ValidateLocalCookies.LIBCMT ref: 00E82DE1
                                                                                                                                                                                                                                                      • __IsNonwritableInCurrentImage.LIBCMT ref: 00E82E0C
                                                                                                                                                                                                                                                      • _ValidateLocalCookies.LIBCMT ref: 00E82E61
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                                                                                                      • String ID: &H$csm
                                                                                                                                                                                                                                                      • API String ID: 1170836740-1242228090
                                                                                                                                                                                                                                                      • Opcode ID: a2d2aeb984bc61e78bd82160df27def4fe2df01e9bde2ebd465e304c4a4854c7
                                                                                                                                                                                                                                                      • Instruction ID: 1906d687d6c23007b16a98a9a678e6883e7512a9eafd409c3125e8b1c001a1de
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a2d2aeb984bc61e78bd82160df27def4fe2df01e9bde2ebd465e304c4a4854c7
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8C419434A002099BCF14EF68C845A9EBFF5BF44318F149159E91DBB392D731AA05CBD1
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • LoadIconW.USER32(00000000,00007F03), ref: 00ECC913
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: IconLoad
                                                                                                                                                                                                                                                      • String ID: blank$info$question$stop$warning
                                                                                                                                                                                                                                                      • API String ID: 2457776203-404129466
                                                                                                                                                                                                                                                      • Opcode ID: 420a58f45bd4b484dcdbbcbae1081c27167e05b087ee35ab8431fee01fd61a78
                                                                                                                                                                                                                                                      • Instruction ID: 273edc55029bdf55dad7c05354f198f9cb6879ab809365665adbfc34ea8a1c94
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 420a58f45bd4b484dcdbbcbae1081c27167e05b087ee35ab8431fee01fd61a78
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: FA112E32689317BEA704A714AD82EEB67DCDF55358B30102EF50CF52C1E772AD025365
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: CleanupStartup_strcatgethostbynamegethostnameinet_ntoa
                                                                                                                                                                                                                                                      • String ID: 0.0.0.0
                                                                                                                                                                                                                                                      • API String ID: 642191829-3771769585
                                                                                                                                                                                                                                                      • Opcode ID: 62e2aa6bd1947951ec73eb26201cdab19b66a20bd8039ba60b274fa030ead993
                                                                                                                                                                                                                                                      • Instruction ID: 7daf12d1fbd22e595eb88c3e1e76ba08416e5307223476304c7fcd825f1dbd22
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 62e2aa6bd1947951ec73eb26201cdab19b66a20bd8039ba60b274fa030ead993
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 52110271808109AFCB20BB209E0AEEA77ACDB54314F20117AF00DB6091EF728A86CB50
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 00E79BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00E79BB2
                                                                                                                                                                                                                                                      • GetSystemMetrics.USER32(0000000F), ref: 00EF9FC7
                                                                                                                                                                                                                                                      • GetSystemMetrics.USER32(0000000F), ref: 00EF9FE7
                                                                                                                                                                                                                                                      • MoveWindow.USER32(00000003,?,?,?,?,00000000,?,?,?), ref: 00EFA224
                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000003,00000142,00000000,0000FFFF), ref: 00EFA242
                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000003,00000469,?,00000000), ref: 00EFA263
                                                                                                                                                                                                                                                      • ShowWindow.USER32(00000003,00000000), ref: 00EFA282
                                                                                                                                                                                                                                                      • InvalidateRect.USER32(?,00000000,00000001), ref: 00EFA2A7
                                                                                                                                                                                                                                                      • DefDlgProcW.USER32(?,00000005,?,?), ref: 00EFA2CA
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Window$MessageMetricsSendSystem$InvalidateLongMoveProcRectShow
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 1211466189-0
                                                                                                                                                                                                                                                      • Opcode ID: a206fc67abec34840d1dc8d2abc5e566b6f517bacfbb5b0dda154ce11d24d5cf
                                                                                                                                                                                                                                                      • Instruction ID: baac4a50ebc38aebed7345ddcfcb6d1085a71bfc8bedceb6e8bf5c75fc7ce0e0
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a206fc67abec34840d1dc8d2abc5e566b6f517bacfbb5b0dda154ce11d24d5cf
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 65B1B9B1600219DFDF14CF68C9847BA3BB2BF44705F19907AEE89AF295D731AA40CB51
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: _wcslen$LocalTime
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 952045576-0
                                                                                                                                                                                                                                                      • Opcode ID: a1747db5d5547bb787c000de6e5d8fc0bca37a8bb2193813b5959fb3a64127a7
                                                                                                                                                                                                                                                      • Instruction ID: 9597a1353c39f1b471002c0f4c88f858265cbd2e193456e56e732962152ee121
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a1747db5d5547bb787c000de6e5d8fc0bca37a8bb2193813b5959fb3a64127a7
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: AF417E65C1021966CB21FBB48C8AACFB7E8EF45710F50A466E51CF3262EB34E255C3A5
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,00EB682C,00000004,00000000,00000000), ref: 00E7F953
                                                                                                                                                                                                                                                      • ShowWindow.USER32(FFFFFFFF,00000006,?,00000000,?,00EB682C,00000004,00000000,00000000), ref: 00EBF3D1
                                                                                                                                                                                                                                                      • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,00EB682C,00000004,00000000,00000000), ref: 00EBF454
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: ShowWindow
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 1268545403-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • DeleteObject.GDI32(00000000), ref: 00EF2D1B
                                                                                                                                                                                                                                                      • GetDC.USER32(00000000), ref: 00EF2D23
                                                                                                                                                                                                                                                      • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00EF2D2E
                                                                                                                                                                                                                                                      • ReleaseDC.USER32(00000000,00000000), ref: 00EF2D3A
                                                                                                                                                                                                                                                      • CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 00EF2D76
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00EF2D87
                                                                                                                                                                                                                                                      • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,00EF5A65,?,?,000000FF,00000000,?,000000FF,?), ref: 00EF2DC2
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00EF2DE1
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3864802216-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: _memcmp
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 2931989736-0
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                      • String ID: NULL Pointer assignment$Not an Object type
                                                                                                                                                                                                                                                      • API String ID: 0-572801152
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • GetCPInfo.KERNEL32(?,?), ref: 00EA15CE
                                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 00EA1651
                                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00EA16E4
                                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 00EA16FB
                                                                                                                                                                                                                                                        • Part of subcall function 00E93820: RtlAllocateHeap.NTDLL(00000000,?,00F31444,?,00E7FDF5,?,?,00E6A976,00000010,00F31440,00E613FC,?,00E613C6,?,00E61129), ref: 00E93852
                                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00EA1777
                                                                                                                                                                                                                                                      • __freea.LIBCMT ref: 00EA17A2
                                                                                                                                                                                                                                                      • __freea.LIBCMT ref: 00EA17AE
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: ByteCharMultiWide$__freea$AllocateHeapInfo
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 2829977744-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
• Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Variant$ClearInit
                                                                                                                                                                                                                                                      • String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
                                                                                                                                                                                                                                                      • API String ID: 2610073882-625585964
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • SafeArrayGetVartype.OLEAUT32(00000001,?), ref: 00ED125C
                                                                                                                                                                                                                                                      • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00ED1284
                                                                                                                                                                                                                                                      • SafeArrayUnaccessData.OLEAUT32(00000001), ref: 00ED12A8
                                                                                                                                                                                                                                                      • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00ED12D8
                                                                                                                                                                                                                                                      • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00ED135F
                                                                                                                                                                                                                                                      • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00ED13C4
                                                                                                                                                                                                                                                      • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00ED1430
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
• Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: ArraySafe$Data$Access$UnaccessVartype
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 2550207440-0
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
• Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: ObjectSelect$BeginCreatePath
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3225163088-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • VariantInit.OLEAUT32(?), ref: 00EE396B
                                                                                                                                                                                                                                                      • CharUpperBuffW.USER32(?,?), ref: 00EE3A7A
                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 00EE3A8A
                                                                                                                                                                                                                                                      • VariantClear.OLEAUT32(?), ref: 00EE3C1F
                                                                                                                                                                                                                                                        • Part of subcall function 00ED0CDF: VariantInit.OLEAUT32(00000000), ref: 00ED0D1F
                                                                                                                                                                                                                                                        • Part of subcall function 00ED0CDF: VariantCopy.OLEAUT32(?,?), ref: 00ED0D28
                                                                                                                                                                                                                                                        • Part of subcall function 00ED0CDF: VariantClear.OLEAUT32(?), ref: 00ED0D34
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
• Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Variant$ClearInit$BuffCharCopyUpper_wcslen
                                                                                                                                                                                                                                                      • String ID: AUTOIT.ERROR$Incorrect Parameter format
                                                                                                                                                                                                                                                      • API String ID: 4137639002-1221869570
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 00EC000E: CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,00EBFF41,80070057,?,?,?,00EC035E), ref: 00EC002B
                                                                                                                                                                                                                                                        • Part of subcall function 00EC000E: ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00EBFF41,80070057,?,?), ref: 00EC0046
                                                                                                                                                                                                                                                        • Part of subcall function 00EC000E: lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00EBFF41,80070057,?,?), ref: 00EC0054
                                                                                                                                                                                                                                                        • Part of subcall function 00EC000E: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00EBFF41,80070057,?), ref: 00EC0064
                                                                                                                                                                                                                                                      • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,00000001,?,?), ref: 00EE4C51
                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 00EE4D59
                                                                                                                                                                                                                                                      • CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 00EE4DCF
                                                                                                                                                                                                                                                      • CoTaskMemFree.OLE32(?), ref: 00EE4DDA
                                                                                                                                                                                                                                                      Strings
Memory Dump Source
• Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
• Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: FreeFromProgTask$CreateInitializeInstanceSecurity_wcslenlstrcmpi
                                                                                                                                                                                                                                                      • String ID: NULL Pointer assignment
                                                                                                                                                                                                                                                      • API String ID: 614568839-2785691316
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • GetMenu.USER32(?), ref: 00EF2183
                                                                                                                                                                                                                                                      • GetMenuItemCount.USER32(00000000), ref: 00EF21B5
                                                                                                                                                                                                                                                      • GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 00EF21DD
                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 00EF2213
                                                                                                                                                                                                                                                      • GetMenuItemID.USER32(?,?), ref: 00EF224D
                                                                                                                                                                                                                                                      • GetSubMenu.USER32(?,?), ref: 00EF225B
                                                                                                                                                                                                                                                        • Part of subcall function 00EC3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00EC3A57
                                                                                                                                                                                                                                                        • Part of subcall function 00EC3A3D: GetCurrentThreadId.KERNEL32 ref: 00EC3A5E
                                                                                                                                                                                                                                                        • Part of subcall function 00EC3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00EC25B3), ref: 00EC3A65
                                                                                                                                                                                                                                                      • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00EF22E3
                                                                                                                                                                                                                                                        • Part of subcall function 00ECE97B: Sleep.KERNEL32 ref: 00ECE9F3
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Menu$Thread$Item$AttachCountCurrentInputMessagePostProcessSleepStringWindow_wcslen
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 4196846111-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • IsWindow.USER32(010454C8), ref: 00EF7F37
                                                                                                                                                                                                                                                      • IsWindowEnabled.USER32(010454C8), ref: 00EF7F43
                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,0000041C,00000000,00000000), ref: 00EF801E
                                                                                                                                                                                                                                                      • SendMessageW.USER32(010454C8,000000B0,?,?), ref: 00EF8051
                                                                                                                                                                                                                                                      • IsDlgButtonChecked.USER32(?,?), ref: 00EF8089
                                                                                                                                                                                                                                                      • GetWindowLongW.USER32(010454C8,000000EC), ref: 00EF80AB
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 00EF80C3
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: MessageSendWindow$ButtonCheckedEnabledLong
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 4072528602-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • GetParent.USER32(?), ref: 00ECAEF9
                                                                                                                                                                                                                                                      • GetKeyboardState.USER32(?), ref: 00ECAF0E
                                                                                                                                                                                                                                                      • SetKeyboardState.USER32(?), ref: 00ECAF6F
                                                                                                                                                                                                                                                      • PostMessageW.USER32(?,00000101,00000010,?), ref: 00ECAF9D
                                                                                                                                                                                                                                                      • PostMessageW.USER32(?,00000101,00000011,?), ref: 00ECAFBC
                                                                                                                                                                                                                                                      • PostMessageW.USER32(?,00000101,00000012,?), ref: 00ECAFFD
                                                                                                                                                                                                                                                      • PostMessageW.USER32(?,00000101,0000005B,?), ref: 00ECB020
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: MessagePost$KeyboardState$Parent
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 87235514-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • GetParent.USER32(00000000), ref: 00ECAD19
                                                                                                                                                                                                                                                      • GetKeyboardState.USER32(?), ref: 00ECAD2E
                                                                                                                                                                                                                                                      • SetKeyboardState.USER32(?), ref: 00ECAD8F
                                                                                                                                                                                                                                                      • PostMessageW.USER32(00000000,00000100,00000010,?), ref: 00ECADBB
                                                                                                                                                                                                                                                      • PostMessageW.USER32(00000000,00000100,00000011,?), ref: 00ECADD8
                                                                                                                                                                                                                                                      • PostMessageW.USER32(00000000,00000100,00000012,?), ref: 00ECAE17
                                                                                                                                                                                                                                                      • PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 00ECAE38
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: MessagePost$KeyboardState$Parent
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 87235514-0
                                                                                                                                                                                                                                                      • Opcode ID: 0f83c8cabe86367269bb6cb0eaf758f56b2a3a7df04f13b44de9ea18c284c88c
                                                                                                                                                                                                                                                      • Instruction ID: dc3df3d51e82030471dcf703e1f8c561cdef9f34cd1de50e6c16b17c29fac34e
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0f83c8cabe86367269bb6cb0eaf758f56b2a3a7df04f13b44de9ea18c284c88c
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CB51E5A05047D93DFB3682348D45FBA7EA85B4530CF0C949CE1D6A68C3C296ECCAD792
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • GetConsoleCP.KERNEL32(00EA3CD6,?,?,?,?,?,?,?,?,00E95BA3,?,?,00EA3CD6,?,?), ref: 00E95470
                                                                                                                                                                                                                                                      • __fassign.LIBCMT ref: 00E954EB
                                                                                                                                                                                                                                                      • __fassign.LIBCMT ref: 00E95506
                                                                                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,00EA3CD6,00000005,00000000,00000000), ref: 00E9552C
                                                                                                                                                                                                                                                      • WriteFile.KERNEL32(?,00EA3CD6,00000000,00E95BA3,00000000,?,?,?,?,?,?,?,?,?,00E95BA3,?), ref: 00E9554B
                                                                                                                                                                                                                                                      • WriteFile.KERNEL32(?,?,00000001,00E95BA3,00000000,?,?,?,?,?,?,?,?,?,00E95BA3,?), ref: 00E95584
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 1324828854-0
                                                                                                                                                                                                                                                      • Opcode ID: 13ec6b41dbe737c07891dc9093c0cdb883786d449c993acb6460b97a8c990e34
                                                                                                                                                                                                                                                      • Instruction ID: b4a23eaa8fd98e1904ccfacd1a5c3237db9dfaca4e34624dba93d81a9aac56f1
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 13ec6b41dbe737c07891dc9093c0cdb883786d449c993acb6460b97a8c990e34
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5B51C171A006099FDF11CFA8D841AEEBBF9EF49300F25515AE555F7292D6309A41CF60
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 00EE304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00EE307A
                                                                                                                                                                                                                                                        • Part of subcall function 00EE304E: _wcslen.LIBCMT ref: 00EE309B
                                                                                                                                                                                                                                                      • socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 00EE1112
                                                                                                                                                                                                                                                      • WSAGetLastError.WSOCK32 ref: 00EE1121
                                                                                                                                                                                                                                                      • WSAGetLastError.WSOCK32 ref: 00EE11C9
                                                                                                                                                                                                                                                      • closesocket.WSOCK32(00000000), ref: 00EE11F9
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: ErrorLast$_wcslenclosesocketinet_addrsocket
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 2675159561-0
                                                                                                                                                                                                                                                      • Opcode ID: e2fee7b216aa195e4ad52f121cb6209e36c617eb5a75472b019da131d324ea13
                                                                                                                                                                                                                                                      • Instruction ID: 01862202e01e51d8d20a4d33257998d883fe6e5d8e6ed8b9ce9b529fb712c633
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e2fee7b216aa195e4ad52f121cb6209e36c617eb5a75472b019da131d324ea13
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2E411631200248AFDB109F65C844BA9B7E9EF84368F249099F905BB291C770AD85CBA0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 00ECDDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00ECCF22,?), ref: 00ECDDFD
                                                                                                                                                                                                                                                        • Part of subcall function 00ECDDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00ECCF22,?), ref: 00ECDE16
                                                                                                                                                                                                                                                      • lstrcmpiW.KERNEL32(?,?), ref: 00ECCF45
                                                                                                                                                                                                                                                      • MoveFileW.KERNEL32(?,?), ref: 00ECCF7F
                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 00ECD005
                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 00ECD01B
                                                                                                                                                                                                                                                      • SHFileOperationW.SHELL32(?), ref: 00ECD061
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: FileFullNamePath_wcslen$MoveOperationlstrcmpi
                                                                                                                                                                                                                                                      • String ID: \*.*
                                                                                                                                                                                                                                                      • API String ID: 3164238972-1173974218
                                                                                                                                                                                                                                                      • Opcode ID: e72d9968e1f5fc6c480d7d8b224687781edfe59cf67bc54b8755a16cb92862c9
                                                                                                                                                                                                                                                      • Instruction ID: e1fd6b46aebb625ae3762ec0b8343fd00a8187975d36570fc5e0175c61ae2b3e
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e72d9968e1f5fc6c480d7d8b224687781edfe59cf67bc54b8755a16cb92862c9
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8D4184719052185EDF12EBA4DA81FDDB7F8AF48380F1410EAE509FB142EA35A649CB10
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00EF2E1C
                                                                                                                                                                                                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 00EF2E4F
                                                                                                                                                                                                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 00EF2E84
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 00EF2EB6
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 00EF2EE0
                                                                                                                                                                                                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 00EF2EF1
                                                                                                                                                                                                                                                      • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00EF2F0B
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: LongWindow$MessageSend
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 2178440468-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00EC7769
                                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00EC778F
                                                                                                                                                                                                                                                      • SysAllocString.OLEAUT32(00000000), ref: 00EC7792
                                                                                                                                                                                                                                                      • SysAllocString.OLEAUT32(?), ref: 00EC77B0
                                                                                                                                                                                                                                                      • SysFreeString.OLEAUT32(?), ref: 00EC77B9
                                                                                                                                                                                                                                                      • StringFromGUID2.OLE32(?,?,00000028), ref: 00EC77DE
                                                                                                                                                                                                                                                      • SysAllocString.OLEAUT32(?), ref: 00EC77EC
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3761583154-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00EC7842
                                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00EC7868
                                                                                                                                                                                                                                                      • SysAllocString.OLEAUT32(00000000), ref: 00EC786B
                                                                                                                                                                                                                                                      • SysAllocString.OLEAUT32 ref: 00EC788C
                                                                                                                                                                                                                                                      • SysFreeString.OLEAUT32 ref: 00EC7895
                                                                                                                                                                                                                                                      • StringFromGUID2.OLE32(?,?,00000028), ref: 00EC78AF
                                                                                                                                                                                                                                                      • SysAllocString.OLEAUT32(?), ref: 00EC78BD
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3761583154-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • GetStdHandle.KERNEL32(0000000C), ref: 00ED04F2
                                                                                                                                                                                                                                                      • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00ED052E
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: CreateHandlePipe
                                                                                                                                                                                                                                                      • String ID: nul
                                                                                                                                                                                                                                                      • API String ID: 1424370930-2873401336
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • GetStdHandle.KERNEL32(000000F6), ref: 00ED05C6
                                                                                                                                                                                                                                                      • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00ED0601
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: CreateHandlePipe
                                                                                                                                                                                                                                                      • String ID: nul
                                                                                                                                                                                                                                                      • API String ID: 1424370930-2873401336
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 00E6600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00E6604C
                                                                                                                                                                                                                                                        • Part of subcall function 00E6600E: GetStockObject.GDI32(00000011), ref: 00E66060
                                                                                                                                                                                                                                                        • Part of subcall function 00E6600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 00E6606A
                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 00EF4112
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 00EF411F
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 00EF412A
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000401,00000000,00640000), ref: 00EF4139
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000404,00000001,00000000), ref: 00EF4145
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: MessageSend$CreateObjectStockWindow
                                                                                                                                                                                                                                                      • String ID: Msctls_Progress32
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 00E9D7A3: _free.LIBCMT ref: 00E9D7CC
                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00E9D82D
                                                                                                                                                                                                                                                        • Part of subcall function 00E929C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00E9D7D1,00000000,00000000,00000000,00000000,?,00E9D7F8,00000000,00000007,00000000,?,00E9DBF5,00000000), ref: 00E929DE
                                                                                                                                                                                                                                                        • Part of subcall function 00E929C8: GetLastError.KERNEL32(00000000,?,00E9D7D1,00000000,00000000,00000000,00000000,?,00E9D7F8,00000000,00000007,00000000,?,00E9DBF5,00000000,00000000), ref: 00E929F0
                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00E9D838
                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00E9D843
                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00E9D897
                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00E9D8A2
                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00E9D8AD
                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00E9D8B8
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 00ECDA74
                                                                                                                                                                                                                                                      • LoadStringW.USER32(00000000), ref: 00ECDA7B
                                                                                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 00ECDA91
                                                                                                                                                                                                                                                      • LoadStringW.USER32(00000000), ref: 00ECDA98
                                                                                                                                                                                                                                                      • MessageBoxW.USER32(00000000,?,?,00011010), ref: 00ECDADC
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      • %s (%d) : ==> %s: %s %s, xrefs: 00ECDAB9
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: HandleLoadModuleString$Message
                                                                                                                                                                                                                                                      • String ID: %s (%d) : ==> %s: %s %s
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • InterlockedExchange.KERNEL32(0103E7D0,0103E7D0), ref: 00ED097B
                                                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(0103E7B0,00000000), ref: 00ED098D
                                                                                                                                                                                                                                                      • TerminateThread.KERNEL32(?,000001F6), ref: 00ED099B
                                                                                                                                                                                                                                                      • WaitForSingleObject.KERNEL32(?,000003E8), ref: 00ED09A9
                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 00ED09B8
                                                                                                                                                                                                                                                      • InterlockedExchange.KERNEL32(0103E7D0,000001F6), ref: 00ED09C8
                                                                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(0103E7B0), ref: 00ED09CF
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3495660284-0
                                                                                                                                                                                                                                                      • Opcode ID: 4fb3d71190ad8f7463267837f3b40d5ffa04a395f9fa3d07a731b5586d55153b
                                                                                                                                                                                                                                                      • Instruction ID: 850d92a125b33ebb6e65e3976bbf46e95e644f10d394c224eda82c102e42603a
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4fb3d71190ad8f7463267837f3b40d5ffa04a395f9fa3d07a731b5586d55153b
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7AF01D31442906AFE7415B95EF88BE67A35FF81702FA42016F101A08B1C7759469DF90
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • GetClientRect.USER32(?,?), ref: 00E65D30
                                                                                                                                                                                                                                                      • GetWindowRect.USER32(?,?), ref: 00E65D71
                                                                                                                                                                                                                                                      • ScreenToClient.USER32(?,?), ref: 00E65D99
                                                                                                                                                                                                                                                      • GetClientRect.USER32(?,?), ref: 00E65ED7
                                                                                                                                                                                                                                                      • GetWindowRect.USER32(?,?), ref: 00E65EF8
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Rect$Client$Window$Screen
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 1296646539-0
                                                                                                                                                                                                                                                      • Opcode ID: 7a5713d6706b89bb84333e35b6ed4d12d4c31f09da4b00633209421a3bb039bb
                                                                                                                                                                                                                                                      • Instruction ID: 4b7aca032b67583cb4b7a1c8798c99099d85fff4506efee16b269defbb335da0
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7a5713d6706b89bb84333e35b6ed4d12d4c31f09da4b00633209421a3bb039bb
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 03B18C75A0074ADBDB14CFA9D4407EEB7F1FF88314F14A41AE8A9E7290D734AA51CB50
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • __allrem.LIBCMT ref: 00E900BA
                                                                                                                                                                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00E900D6
                                                                                                                                                                                                                                                      • __allrem.LIBCMT ref: 00E900ED
                                                                                                                                                                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00E9010B
                                                                                                                                                                                                                                                      • __allrem.LIBCMT ref: 00E90122
                                                                                                                                                                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00E90140
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 1992179935-0
                                                                                                                                                                                                                                                      • Opcode ID: c0aa086816e9a6b10c8594d9af3fc1b6618250ddc70608c46d0048b3e4fbc764
                                                                                                                                                                                                                                                      • Instruction ID: 8e4a3dd71e9d4122ed0fa8883d6f05114c0824f040099617651b1bcd6a04aeb5
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c0aa086816e9a6b10c8594d9af3fc1b6618250ddc70608c46d0048b3e4fbc764
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 31811672B00706AFEB24AF69CC41B6B73E9AF45728F24653EF559F6281E770E9008750
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 00EE3149: select.WSOCK32(00000000,?,00000000,00000000,?,?,?,00000000,?,?,?,00EE101C,00000000,?,?,00000000), ref: 00EE3195
                                                                                                                                                                                                                                                      • __WSAFDIsSet.WSOCK32(00000000,?,00000000,00000000,?,00000064,00000000), ref: 00EE1DC0
                                                                                                                                                                                                                                                      • #17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 00EE1DE1
                                                                                                                                                                                                                                                      • WSAGetLastError.WSOCK32 ref: 00EE1DF2
                                                                                                                                                                                                                                                      • inet_ntoa.WSOCK32(?), ref: 00EE1E8C
                                                                                                                                                                                                                                                      • htons.WSOCK32(?,?,?,?,?), ref: 00EE1EDB
                                                                                                                                                                                                                                                      • _strlen.LIBCMT ref: 00EE1F35
                                                                                                                                                                                                                                                        • Part of subcall function 00EC39E8: _strlen.LIBCMT ref: 00EC39F2
                                                                                                                                                                                                                                                        • Part of subcall function 00E66D9E: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000002,?,?,?,?,00E7CF58,?,?,?), ref: 00E66DBA
                                                                                                                                                                                                                                                        • Part of subcall function 00E66D9E: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,?,?,?,00E7CF58,?,?,?), ref: 00E66DED
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: ByteCharMultiWide_strlen$ErrorLasthtonsinet_ntoaselect
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 1923757996-0
                                                                                                                                                                                                                                                      • Opcode ID: c4b0095fc07647e92b2c0adbd10ee363f46592529bfb0d63e42c293a66275189
                                                                                                                                                                                                                                                      • Instruction ID: 4e250443f7088fe8171739fd7281e9e403bd887ff9da1ae27991ed93ddf97a3f
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c4b0095fc07647e92b2c0adbd10ee363f46592529bfb0d63e42c293a66275189
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 12A1E531204384AFC314DF21C895F6A77E5AF84358F54A98CF45A7B2A2DB31ED85CB91
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,00E882D9,00E882D9,?,?,?,00E9644F,00000001,00000001,?), ref: 00E96258
                                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,00E9644F,00000001,00000001,?,?,?,?), ref: 00E962DE
                                                                                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,?,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 00E963D8
                                                                                                                                                                                                                                                      • __freea.LIBCMT ref: 00E963E5
                                                                                                                                                                                                                                                        • Part of subcall function 00E93820: RtlAllocateHeap.NTDLL(00000000,?,00F31444,?,00E7FDF5,?,?,00E6A976,00000010,00F31440,00E613FC,?,00E613C6,?,00E61129), ref: 00E93852
                                                                                                                                                                                                                                                      • __freea.LIBCMT ref: 00E963EE
                                                                                                                                                                                                                                                      • __freea.LIBCMT ref: 00E96413
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: ByteCharMultiWide__freea$AllocateHeap
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 1414292761-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 00E69CB3: _wcslen.LIBCMT ref: 00E69CBD
                                                                                                                                                                                                                                                        • Part of subcall function 00EEC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00EEB6AE,?,?), ref: 00EEC9B5
                                                                                                                                                                                                                                                        • Part of subcall function 00EEC998: _wcslen.LIBCMT ref: 00EEC9F1
                                                                                                                                                                                                                                                        • Part of subcall function 00EEC998: _wcslen.LIBCMT ref: 00EECA68
                                                                                                                                                                                                                                                        • Part of subcall function 00EEC998: _wcslen.LIBCMT ref: 00EECA9E
                                                                                                                                                                                                                                                      • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00EEBCCA
                                                                                                                                                                                                                                                      • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00EEBD25
                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(00000000), ref: 00EEBD6A
                                                                                                                                                                                                                                                      • RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 00EEBD99
                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?,?,00000000), ref: 00EEBDF3
                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 00EEBDFF
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
• Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpperValue
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 1120388591-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • VariantInit.OLEAUT32(00000035), ref: 00EBF7B9
                                                                                                                                                                                                                                                      • SysAllocString.OLEAUT32(00000001), ref: 00EBF860
                                                                                                                                                                                                                                                      • VariantCopy.OLEAUT32(00EBFA64,00000000), ref: 00EBF889
                                                                                                                                                                                                                                                      • VariantClear.OLEAUT32(00EBFA64), ref: 00EBF8AD
                                                                                                                                                                                                                                                      • VariantCopy.OLEAUT32(00EBFA64,00000000), ref: 00EBF8B1
                                                                                                                                                                                                                                                      • VariantClear.OLEAUT32(?), ref: 00EBF8BB
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Variant$ClearCopy$AllocInitString
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3859894641-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 00E67620: _wcslen.LIBCMT ref: 00E67625
                                                                                                                                                                                                                                                        • Part of subcall function 00E66B57: _wcslen.LIBCMT ref: 00E66B6A
                                                                                                                                                                                                                                                      • GetOpenFileNameW.COMDLG32(00000058), ref: 00ED94E5
                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 00ED9506
                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 00ED952D
                                                                                                                                                                                                                                                      • GetSaveFileNameW.COMDLG32(00000058), ref: 00ED9585
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: _wcslen$FileName$OpenSave
                                                                                                                                                                                                                                                      • String ID: X
                                                                                                                                                                                                                                                      • API String ID: 83654149-3081909835
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 00E79BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00E79BB2
                                                                                                                                                                                                                                                      • BeginPaint.USER32(?,?,?), ref: 00E79241
                                                                                                                                                                                                                                                      • GetWindowRect.USER32(?,?), ref: 00E792A5
                                                                                                                                                                                                                                                      • ScreenToClient.USER32(?,?), ref: 00E792C2
                                                                                                                                                                                                                                                      • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 00E792D3
                                                                                                                                                                                                                                                      • EndPaint.USER32(?,?,?,?,?), ref: 00E79321
                                                                                                                                                                                                                                                      • Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 00EB71EA
                                                                                                                                                                                                                                                        • Part of subcall function 00E79339: BeginPath.GDI32(00000000), ref: 00E79357
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: BeginPaintWindow$ClientLongPathRectRectangleScreenViewport
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3050599898-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • InterlockedExchange.KERNEL32(?,000001F5), ref: 00ED080C
                                                                                                                                                                                                                                                      • ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 00ED0847
                                                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?), ref: 00ED0863
                                                                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(?), ref: 00ED08DC
                                                                                                                                                                                                                                                      • ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 00ED08F3
                                                                                                                                                                                                                                                      • InterlockedExchange.KERNEL32(?,000001F6), ref: 00ED0921
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
• Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: CriticalExchangeFileInterlockedReadSection$EnterLeave
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3368777196-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • ShowWindow.USER32(FFFFFFFF,00000000,?,00000000,00000000,?,00EBF3AB,00000000,?,?,00000000,?,00EB682C,00000004,00000000,00000000), ref: 00EF824C
                                                                                                                                                                                                                                                      • EnableWindow.USER32(?,00000000), ref: 00EF8272
                                                                                                                                                                                                                                                      • ShowWindow.USER32(FFFFFFFF,00000000), ref: 00EF82D1
                                                                                                                                                                                                                                                      • ShowWindow.USER32(?,00000004), ref: 00EF82E5
                                                                                                                                                                                                                                                      • EnableWindow.USER32(?,00000001), ref: 00EF830B
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 00EF832F
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Window$Show$Enable$MessageSend
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 642888154-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • IsWindowVisible.USER32(?), ref: 00EC4C95
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 00EC4CB2
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 00EC4CEA
                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 00EC4D08
                                                                                                                                                                                                                                                      • CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 00EC4D10
                                                                                                                                                                                                                                                      • _wcsstr.LIBVCRUNTIME ref: 00EC4D1A
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen_wcsstr
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 72514467-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 00E63AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00E63A97,?,?,00E62E7F,?,?,?,00000000), ref: 00E63AC2
                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 00ED587B
                                                                                                                                                                                                                                                      • CoInitialize.OLE32(00000000), ref: 00ED5995
                                                                                                                                                                                                                                                      • CoCreateInstance.OLE32(00EFFCF8,00000000,00000001,00EFFB68,?), ref: 00ED59AE
                                                                                                                                                                                                                                                      • CoUninitialize.OLE32 ref: 00ED59CC
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: CreateFullInitializeInstanceNamePathUninitialize_wcslen
                                                                                                                                                                                                                                                      • String ID: .lnk
                                                                                                                                                                                                                                                      • API String ID: 3172280962-24824748
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 00EC0FB4: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00EC0FCA
                                                                                                                                                                                                                                                        • Part of subcall function 00EC0FB4: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00EC0FD6
                                                                                                                                                                                                                                                        • Part of subcall function 00EC0FB4: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00EC0FE5
                                                                                                                                                                                                                                                        • Part of subcall function 00EC0FB4: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00EC0FEC
                                                                                                                                                                                                                                                        • Part of subcall function 00EC0FB4: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00EC1002
                                                                                                                                                                                                                                                      • GetLengthSid.ADVAPI32(?,00000000,00EC1335), ref: 00EC17AE
                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000008,00000000), ref: 00EC17BA
                                                                                                                                                                                                                                                      • HeapAlloc.KERNEL32(00000000), ref: 00EC17C1
                                                                                                                                                                                                                                                      • CopySid.ADVAPI32(00000000,00000000,?), ref: 00EC17DA
                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000000,00000000,00EC1335), ref: 00EC17EE
                                                                                                                                                                                                                                                      • HeapFree.KERNEL32(00000000), ref: 00EC17F5
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 00EC14FF
                                                                                                                                                                                                                                                      • OpenProcessToken.ADVAPI32(00000000), ref: 00EC1506
                                                                                                                                                                                                                                                      • CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 00EC1515
                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000004), ref: 00EC1520
                                                                                                                                                                                                                                                      • CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00EC154F
                                                                                                                                                                                                                                                      • DestroyEnvironmentBlock.USERENV(00000000), ref: 00EC1563
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,00E83379,00E82FE5), ref: 00E83390
                                                                                                                                                                                                                                                      • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00E8339E
                                                                                                                                                                                                                                                      • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00E833B7
                                                                                                                                                                                                                                                      • SetLastError.KERNEL32(00000000,?,00E83379,00E82FE5), ref: 00E83409
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,00E95686,00EA3CD6,?,00000000,?,00E95B6A,?,?,?,?,?,00E8E6D1,?,00F28A48), ref: 00E92D78
                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00E92DAB
                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00E92DD3
                                                                                                                                                                                                                                                      • SetLastError.KERNEL32(00000000,?,?,?,?,00E8E6D1,?,00F28A48,00000010,00E64F4A,?,?,00000000,00EA3CD6), ref: 00E92DE0
                                                                                                                                                                                                                                                      • SetLastError.KERNEL32(00000000,?,?,?,?,00E8E6D1,?,00F28A48,00000010,00E64F4A,?,?,00000000,00EA3CD6), ref: 00E92DEC
                                                                                                                                                                                                                                                      • _abort.LIBCMT ref: 00E92DF2
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: ErrorLast$_free$_abort
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 00E79639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00E79693
                                                                                                                                                                                                                                                        • Part of subcall function 00E79639: SelectObject.GDI32(?,00000000), ref: 00E796A2
                                                                                                                                                                                                                                                        • Part of subcall function 00E79639: BeginPath.GDI32(?), ref: 00E796B9
                                                                                                                                                                                                                                                        • Part of subcall function 00E79639: SelectObject.GDI32(?,00000000), ref: 00E796E2
                                                                                                                                                                                                                                                      • MoveToEx.GDI32(?,-00000002,00000000,00000000), ref: 00EF8A4E
                                                                                                                                                                                                                                                      • LineTo.GDI32(?,00000003,00000000), ref: 00EF8A62
                                                                                                                                                                                                                                                      • MoveToEx.GDI32(?,00000000,-00000002,00000000), ref: 00EF8A70
                                                                                                                                                                                                                                                      • LineTo.GDI32(?,00000000,00000003), ref: 00EF8A80
                                                                                                                                                                                                                                                      • EndPath.GDI32(?), ref: 00EF8A90
                                                                                                                                                                                                                                                      • StrokePath.GDI32(?), ref: 00EF8AA0
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Path$LineMoveObjectSelect$BeginCreateStroke
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 43455801-0
                                                                                                                                                                                                                                                      • Opcode ID: 42d0cf64246a0336a445803709aa3df3d81f76e4d078400f80a7e76b801b8d40
                                                                                                                                                                                                                                                      • Instruction ID: ae2789ac4bde8edc3c8bdf94c7deae8832d9284673a9b7a3812c25d324d675bd
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 42d0cf64246a0336a445803709aa3df3d81f76e4d078400f80a7e76b801b8d40
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F211097600010DFFDB129F91DD88EAA7F6DEB08364F108052BA19AA1A1DB719D55DBA0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • GetDC.USER32(00000000), ref: 00EC5218
                                                                                                                                                                                                                                                      • GetDeviceCaps.GDI32(00000000,00000058), ref: 00EC5229
                                                                                                                                                                                                                                                      • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00EC5230
                                                                                                                                                                                                                                                      • ReleaseDC.USER32(00000000,00000000), ref: 00EC5238
                                                                                                                                                                                                                                                      • MulDiv.KERNEL32(000009EC,?,00000000), ref: 00EC524F
                                                                                                                                                                                                                                                      • MulDiv.KERNEL32(000009EC,00000001,?), ref: 00EC5261
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: CapsDevice$Release
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 1035833867-0
                                                                                                                                                                                                                                                      • Opcode ID: b97b6ac9a73e94fc435772f59a716f6420fd3976f3da788954228632d0224589
                                                                                                                                                                                                                                                      • Instruction ID: c35134e0fa0e7c5e4dcc04761e7141cad904fc37064ec9767ef3d8bd43b9e095
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b97b6ac9a73e94fc435772f59a716f6420fd3976f3da788954228632d0224589
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0C018475A00708BFEB105BA69D49F5EBFB8EB44751F244065FA04F7390DA709805CBA0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • MapVirtualKeyW.USER32(0000005B,00000000), ref: 00E61BF4
                                                                                                                                                                                                                                                      • MapVirtualKeyW.USER32(00000010,00000000), ref: 00E61BFC
                                                                                                                                                                                                                                                      • MapVirtualKeyW.USER32(000000A0,00000000), ref: 00E61C07
                                                                                                                                                                                                                                                      • MapVirtualKeyW.USER32(000000A1,00000000), ref: 00E61C12
                                                                                                                                                                                                                                                      • MapVirtualKeyW.USER32(00000011,00000000), ref: 00E61C1A
                                                                                                                                                                                                                                                      • MapVirtualKeyW.USER32(00000012,00000000), ref: 00E61C22
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Virtual
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 4278518827-0
                                                                                                                                                                                                                                                      • Opcode ID: cf392c8bc69ecd161bd88bf27caa2ca3008411dcbcd3231cf8d6a230bc361bb3
                                                                                                                                                                                                                                                      • Instruction ID: 222a4970a7780f0ee1adf1c4a14cf20ffecac5a339b4b7d6ada94182b02af4ef
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: cf392c8bc69ecd161bd88bf27caa2ca3008411dcbcd3231cf8d6a230bc361bb3
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6F016CB09027597DE3008F5A8C85B52FFA8FF59754F10411B915C47941C7F5A868CBE5
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 00ECEB30
                                                                                                                                                                                                                                                      • SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 00ECEB46
                                                                                                                                                                                                                                                      • GetWindowThreadProcessId.USER32(?,?), ref: 00ECEB55
                                                                                                                                                                                                                                                      • OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00ECEB64
                                                                                                                                                                                                                                                      • TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00ECEB6E
                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00ECEB75
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 839392675-0
                                                                                                                                                                                                                                                      • Opcode ID: 557f7a6313909e2ee91d0b33a245f10ba27183ea729ed56acb1e6651a219db2d
                                                                                                                                                                                                                                                      • Instruction ID: 388bc0e0509296394fc5f3cc5e3ccb6cd2fec27eefe976956f324d2a85ecb6d9
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 557f7a6313909e2ee91d0b33a245f10ba27183ea729ed56acb1e6651a219db2d
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 95F06772201118BFE7205B639E0EEFB3A7CEFCAF11F200158F601E1090AAA01A05C6B5
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • GetClientRect.USER32(?), ref: 00EB7452
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001328,00000000,?), ref: 00EB7469
                                                                                                                                                                                                                                                      • GetWindowDC.USER32(?), ref: 00EB7475
                                                                                                                                                                                                                                                      • GetPixel.GDI32(00000000,?,?), ref: 00EB7484
                                                                                                                                                                                                                                                      • ReleaseDC.USER32(?,00000000), ref: 00EB7496
                                                                                                                                                                                                                                                      • GetSysColor.USER32(00000005), ref: 00EB74B0
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
• Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: ClientColorMessagePixelRectReleaseSendWindow
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 272304278-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00EC187F
                                                                                                                                                                                                                                                      • UnloadUserProfile.USERENV(?,?), ref: 00EC188B
                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 00EC1894
                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 00EC189C
                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000000,?), ref: 00EC18A5
                                                                                                                                                                                                                                                      • HeapFree.KERNEL32(00000000), ref: 00EC18AC
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 146765662-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 00E80242: EnterCriticalSection.KERNEL32(00F3070C,00F31884,?,?,00E7198B,00F32518,?,?,?,00E612F9,00000000), ref: 00E8024D
                                                                                                                                                                                                                                                        • Part of subcall function 00E80242: LeaveCriticalSection.KERNEL32(00F3070C,?,00E7198B,00F32518,?,?,?,00E612F9,00000000), ref: 00E8028A
                                                                                                                                                                                                                                                        • Part of subcall function 00E69CB3: _wcslen.LIBCMT ref: 00E69CBD
                                                                                                                                                                                                                                                        • Part of subcall function 00E800A3: __onexit.LIBCMT ref: 00E800A9
                                                                                                                                                                                                                                                      • __Init_thread_footer.LIBCMT ref: 00EE7BFB
                                                                                                                                                                                                                                                        • Part of subcall function 00E801F8: EnterCriticalSection.KERNEL32(00F3070C,?,?,00E78747,00F32514), ref: 00E80202
                                                                                                                                                                                                                                                        • Part of subcall function 00E801F8: LeaveCriticalSection.KERNEL32(00F3070C,?,00E78747,00F32514), ref: 00E80235
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: CriticalSection$EnterLeave$Init_thread_footer__onexit_wcslen
                                                                                                                                                                                                                                                      • String ID: +T$5$G$Variable must be of type 'Object'.
                                                                                                                                                                                                                                                      • API String ID: 535116098-4125810065
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 00E67620: _wcslen.LIBCMT ref: 00E67625
                                                                                                                                                                                                                                                      • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00ECC6EE
                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 00ECC735
                                                                                                                                                                                                                                                      • SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00ECC79C
                                                                                                                                                                                                                                                      • SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 00ECC7CA
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: ItemMenu$Info_wcslen$Default
                                                                                                                                                                                                                                                      • String ID: 0
                                                                                                                                                                                                                                                      • API String ID: 1227352736-4108050209
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • ShellExecuteExW.SHELL32(0000003C), ref: 00EEAEA3
                                                                                                                                                                                                                                                        • Part of subcall function 00E67620: _wcslen.LIBCMT ref: 00E67625
                                                                                                                                                                                                                                                      • GetProcessId.KERNEL32(00000000), ref: 00EEAF38
                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 00EEAF67
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: CloseExecuteHandleProcessShell_wcslen
                                                                                                                                                                                                                                                      • String ID: <$@
                                                                                                                                                                                                                                                      • API String ID: 146682121-1426351568
                                                                                                                                                                                                                                                      • Opcode ID: 0444ea0ae593f3a9e6db1e722a518c72c620dc1803bb65173f9b0856e6884bda
                                                                                                                                                                                                                                                      • Instruction ID: 87205f3354c0960bf0a65804c58b51e16bbfc08e678500381dcfd314ec4f693e
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0444ea0ae593f3a9e6db1e722a518c72c620dc1803bb65173f9b0856e6884bda
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B7716770A00259DFCB14DF55D484A9EBBF0EF08318F1894ADE85ABB262C770ED45CB91
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 00EC7206
                                                                                                                                                                                                                                                      • SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 00EC723C
                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 00EC724D
                                                                                                                                                                                                                                                      • SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 00EC72CF
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: ErrorMode$AddressCreateInstanceProc
                                                                                                                                                                                                                                                      • String ID: DllGetClassObject
                                                                                                                                                                                                                                                      • API String ID: 753597075-1075368562
                                                                                                                                                                                                                                                      • Opcode ID: 4e56a42e964cfd49438ae43cc535cb09d2d1e0b5be1eec14ecda6b89014e83b7
                                                                                                                                                                                                                                                      • Instruction ID: 0d113f1cb359510c73b93743f48d1ba2469a3696dfa7366807e65ead7f7ef117
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4e56a42e964cfd49438ae43cc535cb09d2d1e0b5be1eec14ecda6b89014e83b7
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8D4190B16042049FDB19CF54CA84F9A7BB9EF44314F2090ADBD45AF21AD7B2D946CFA0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00EF3E35
                                                                                                                                                                                                                                                      • IsMenu.USER32(?), ref: 00EF3E4A
                                                                                                                                                                                                                                                      • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00EF3E92
                                                                                                                                                                                                                                                      • DrawMenuBar.USER32 ref: 00EF3EA5
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Menu$Item$DrawInfoInsert
                                                                                                                                                                                                                                                      • String ID: 0
                                                                                                                                                                                                                                                      • API String ID: 3076010158-4108050209
                                                                                                                                                                                                                                                      • Opcode ID: fdd591a2d905c05e80cf9a65daca403f5611ae67e9492951805c1ee6d330a06f
                                                                                                                                                                                                                                                      • Instruction ID: 3f393174164b3e5d72448ba53dfdbfbfa06d5430a69ebff982958b36bc4bfd8c
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: fdd591a2d905c05e80cf9a65daca403f5611ae67e9492951805c1ee6d330a06f
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 06413375A0130DAFDF10DF60D884AEABBB9FF48368F145129EA05AB250D730AE45DF60
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 00E69CB3: _wcslen.LIBCMT ref: 00E69CBD
                                                                                                                                                                                                                                                        • Part of subcall function 00EC3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00EC3CCA
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000188,00000000,00000000), ref: 00EC1E66
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 00EC1E79
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000189,?,00000000), ref: 00EC1EA9
                                                                                                                                                                                                                                                        • Part of subcall function 00E66B57: _wcslen.LIBCMT ref: 00E66B6A
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: MessageSend$_wcslen$ClassName
                                                                                                                                                                                                                                                      • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                      • API String ID: 2081771294-1403004172
                                                                                                                                                                                                                                                      • Opcode ID: 8e64aea5d77a990995b6d184d62319855c4f5e0a500ff42fb8c58bc113d6c751
                                                                                                                                                                                                                                                      • Instruction ID: 533ce618d6c5e1739437e9af0ee936d1bacb8aad901214c23bb2eef20b8bec00
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8e64aea5d77a990995b6d184d62319855c4f5e0a500ff42fb8c58bc113d6c751
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 55212671A40108AEDB14AB64EE45DFFB7B8DF423A4B20A11DF815F31E2DB35490AD620
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: _wcslen
                                                                                                                                                                                                                                                      • String ID: HKEY_LOCAL_MACHINE$HKLM
                                                                                                                                                                                                                                                      • API String ID: 176396367-4004644295
                                                                                                                                                                                                                                                      • Opcode ID: d3d441449cda74d17da675e81b775086e332efd92a23ec572e690335472b8dda
                                                                                                                                                                                                                                                      • Instruction ID: b29c19b5b449518df9c25c6ba457710379e996e7f98b467e0e2ca71fa324a6c1
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d3d441449cda74d17da675e81b775086e332efd92a23ec572e690335472b8dda
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6931F7736005EE4BCB20EE6ED9404BE37919BA1798B256039E85F7B245E670CD4293A0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000467,00000000,?), ref: 00EF2F8D
                                                                                                                                                                                                                                                      • LoadLibraryW.KERNEL32(?), ref: 00EF2F94
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000467,00000000,00000000), ref: 00EF2FA9
                                                                                                                                                                                                                                                      • DestroyWindow.USER32(?), ref: 00EF2FB1
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
• Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: MessageSend$DestroyLibraryLoadWindow
                                                                                                                                                                                                                                                      • String ID: SysAnimate32
                                                                                                                                                                                                                                                      • API String ID: 3529120543-1011021900
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00E84D1E,00E928E9,(,00E84CBE,00000000,00F288B8,0000000C,00E84E15,(,00000002), ref: 00E84D8D
                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00E84DA0
                                                                                                                                                                                                                                                      • FreeLibrary.KERNEL32(00000000,?,?,?,00E84D1E,00E928E9,(,00E84CBE,00000000,00F288B8,0000000C,00E84E15,(,00000002,00000000), ref: 00E84DC3
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                                      • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                                                      • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • LoadLibraryA.KERNEL32(kernel32.dll,?,?,00E64EDD,?,00F31418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00E64E9C
                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00E64EAE
                                                                                                                                                                                                                                                      • FreeLibrary.KERNEL32(00000000,?,?,00E64EDD,?,00F31418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00E64EC0
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                                                      • String ID: Wow64DisableWow64FsRedirection$kernel32.dll
                                                                                                                                                                                                                                                      • API String ID: 145871493-3689287502
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • LoadLibraryA.KERNEL32(kernel32.dll,?,?,00EA3CDE,?,00F31418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00E64E62
                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00E64E74
                                                                                                                                                                                                                                                      • FreeLibrary.KERNEL32(00000000,?,?,00EA3CDE,?,00F31418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00E64E87
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                                                      • String ID: Wow64RevertWow64FsRedirection$kernel32.dll
                                                                                                                                                                                                                                                      • API String ID: 145871493-1355242751
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00ED2C05
                                                                                                                                                                                                                                                      • DeleteFileW.KERNEL32(?), ref: 00ED2C87
                                                                                                                                                                                                                                                      • CopyFileW.KERNEL32(?,?,00000000,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 00ED2C9D
                                                                                                                                                                                                                                                      • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00ED2CAE
                                                                                                                                                                                                                                                      • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00ED2CC0
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: File$Delete$Copy
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3226157194-0
                                                                                                                                                                                                                                                      • Opcode ID: 789307deb35510ad0ff9bf0d704776f648dc4882e77897e1943984c86cde5656
                                                                                                                                                                                                                                                      • Instruction ID: 8baed1e63b9a45ab7674411d0146b86861fef738b2f6303278910ee36f8940cd
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 789307deb35510ad0ff9bf0d704776f648dc4882e77897e1943984c86cde5656
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3AB17072E00119ABDF11EBA4CC85EDEB7BCEF58350F1050AAF609F6251EA309E458F61
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • GetCurrentProcessId.KERNEL32 ref: 00EEA427
                                                                                                                                                                                                                                                      • OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 00EEA435
                                                                                                                                                                                                                                                      • GetProcessIoCounters.KERNEL32(00000000,?), ref: 00EEA468
                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 00EEA63D
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Process$CloseCountersCurrentHandleOpen
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3488606520-0
                                                                                                                                                                                                                                                      • Opcode ID: d304fd8ea374e03000345b51ed2a007deb2eb864a582443faef5575ced5f620a
                                                                                                                                                                                                                                                      • Instruction ID: 78ad88b74042c61a01bf43ec15206c220d41ccaf66056892a5eca627ce64567b
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d304fd8ea374e03000345b51ed2a007deb2eb864a582443faef5575ced5f620a
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E4A1C2716043019FD720DF15D886F2AB7E1AF84714F18985DF5AAAB392D7B0EC40CB92
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 00ECDDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00ECCF22,?), ref: 00ECDDFD
                                                                                                                                                                                                                                                        • Part of subcall function 00ECDDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00ECCF22,?), ref: 00ECDE16
                                                                                                                                                                                                                                                        • Part of subcall function 00ECE199: GetFileAttributesW.KERNEL32(?,00ECCF95), ref: 00ECE19A
                                                                                                                                                                                                                                                      • lstrcmpiW.KERNEL32(?,?), ref: 00ECE473
                                                                                                                                                                                                                                                      • MoveFileW.KERNEL32(?,?), ref: 00ECE4AC
                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 00ECE5EB
                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 00ECE603
                                                                                                                                                                                                                                                      • SHFileOperationW.SHELL32(?,?,?,?,?,?), ref: 00ECE650
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: File$FullNamePath_wcslen$AttributesMoveOperationlstrcmpi
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3183298772-0
                                                                                                                                                                                                                                                      • Opcode ID: 5e87acdd5591a159083e1ed2a6baf37deb63209d5b85ac6e0657821d810ff005
                                                                                                                                                                                                                                                      • Instruction ID: f308bdb1d2d6cb63f90310f34ee451491ca1c6d38b02e7ca544bf0e06b63b9f5
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5e87acdd5591a159083e1ed2a6baf37deb63209d5b85ac6e0657821d810ff005
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8851A4B24087455BC724EB90DD81EDFB3ECAF84344F10191EF589E3192EF35A5898766
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 00E69CB3: _wcslen.LIBCMT ref: 00E69CBD
                                                                                                                                                                                                                                                        • Part of subcall function 00EEC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00EEB6AE,?,?), ref: 00EEC9B5
                                                                                                                                                                                                                                                        • Part of subcall function 00EEC998: _wcslen.LIBCMT ref: 00EEC9F1
                                                                                                                                                                                                                                                        • Part of subcall function 00EEC998: _wcslen.LIBCMT ref: 00EECA68
                                                                                                                                                                                                                                                        • Part of subcall function 00EEC998: _wcslen.LIBCMT ref: 00EECA9E
                                                                                                                                                                                                                                                      • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00EEBAA5
                                                                                                                                                                                                                                                      • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00EEBB00
                                                                                                                                                                                                                                                      • RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 00EEBB63
                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?,?), ref: 00EEBBA6
                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(00000000), ref: 00EEBBB3
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpper
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 826366716-0
                                                                                                                                                                                                                                                      • Opcode ID: 69b16078db05d950cc54857a0fa03cf60fbb688a780e3044201bf0733348143f
                                                                                                                                                                                                                                                      • Instruction ID: e7ee08454d471c28e7583f88ad37d85d0b2ed2043dbcba52ab8c020d1379f0e7
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 69b16078db05d950cc54857a0fa03cf60fbb688a780e3044201bf0733348143f
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E561C331208245AFD714DF15C490E2BBBE5FF84348F24956CF4999B2A2DB31ED45CB92
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • VariantInit.OLEAUT32(?), ref: 00EC8BCD
                                                                                                                                                                                                                                                      • VariantClear.OLEAUT32 ref: 00EC8C3E
                                                                                                                                                                                                                                                      • VariantClear.OLEAUT32 ref: 00EC8C9D
                                                                                                                                                                                                                                                      • VariantClear.OLEAUT32(?), ref: 00EC8D10
                                                                                                                                                                                                                                                      • VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 00EC8D3B
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Variant$Clear$ChangeInitType
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 4136290138-0
                                                                                                                                                                                                                                                      • Opcode ID: 48779758ca0618ded4870d2c2ac008662056c19d0161b210b4dbffacf3ddb551
                                                                                                                                                                                                                                                      • Instruction ID: ac5957706525ac3bde6d48303bc5679a52c323546abaec74af5bddad8658d073
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 48779758ca0618ded4870d2c2ac008662056c19d0161b210b4dbffacf3ddb551
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 00517C71A00219DFCB14CF18D994EAABBF8FF89314B118559F915EB350D731E911CB90
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 00ED8BAE
                                                                                                                                                                                                                                                      • GetPrivateProfileSectionW.KERNEL32(?,00000003,00000003,?), ref: 00ED8BDA
                                                                                                                                                                                                                                                      • WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 00ED8C32
                                                                                                                                                                                                                                                      • WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 00ED8C57
                                                                                                                                                                                                                                                      • WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 00ED8C5F
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
• Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: PrivateProfile$SectionWrite$String
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 2832842796-0
                                                                                                                                                                                                                                                      • Opcode ID: 598e1ff311bc2295ed4d7cd0639b1a4ac80feaf4c910d04ac828832e52b47d98
                                                                                                                                                                                                                                                      • Instruction ID: 2e89f55a0bf23b7b3b81282b1bb71c06d91d014f20bf71d3ac021a5719a46fff
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 598e1ff311bc2295ed4d7cd0639b1a4ac80feaf4c910d04ac828832e52b47d98
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 71516C35A00218DFCB04DF65C884A6DBBF5FF48358F188499E84AAB362DB31ED51CB91
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • LoadLibraryW.KERNEL32(?,00000000,?), ref: 00EE8F40
                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,?), ref: 00EE8FD0
                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,00000000), ref: 00EE8FEC
                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,?), ref: 00EE9032
                                                                                                                                                                                                                                                      • FreeLibrary.KERNEL32(00000000), ref: 00EE9052
                                                                                                                                                                                                                                                        • Part of subcall function 00E7F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,?,?,?,00ED1043,?,753CE610), ref: 00E7F6E6
                                                                                                                                                                                                                                                        • Part of subcall function 00E7F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00EBFA64,00000000,00000000,?,?,00ED1043,?,753CE610,?,00EBFA64), ref: 00E7F70D
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 666041331-0
                                                                                                                                                                                                                                                      • Opcode ID: 316b68c9e53652972ecc7613e3a95a56ce70762431c5709d685b584a98d8038b
                                                                                                                                                                                                                                                      • Instruction ID: a9c8913a53f439a4d1aaa6f8f0d4396d299ec100d1f7e3514cceda0c1d9da2b9
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 316b68c9e53652972ecc7613e3a95a56ce70762431c5709d685b584a98d8038b
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8B516C34600249DFC714DF59C5848ADBBF1FF49328B1490A8E80ABB362DB31ED85CB90
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • SetWindowLongW.USER32(00000002,000000F0,?), ref: 00EF6C33
                                                                                                                                                                                                                                                      • SetWindowLongW.USER32(?,000000EC,?), ref: 00EF6C4A
                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000002,00001036,00000000,?), ref: 00EF6C73
                                                                                                                                                                                                                                                      • ShowWindow.USER32(00000002,00000000,00000002,00000002,?,?,?,?,?,?,?,00EDAB79,00000000,00000000), ref: 00EF6C98
                                                                                                                                                                                                                                                      • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027,00000002,?,00000001,00000002,00000002,?,?,?), ref: 00EF6CC7
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Window$Long$MessageSendShow
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3688381893-0
                                                                                                                                                                                                                                                      • Opcode ID: 4cfbd70cceffe8002003da5dfe9da151fca6e9e1b618cd228b2995133ba4d63d
                                                                                                                                                                                                                                                      • Instruction ID: 837abd4883e4fee24cdf055ad19ba071a24cd563d201f0a4a95007af32ccbb69
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4cfbd70cceffe8002003da5dfe9da151fca6e9e1b618cd228b2995133ba4d63d
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5A41CF35A0410CAFDB24CF28CD58FB9BBA5EB49364F251268EA95F72E1C371AD41DA40
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: _free
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 269201875-0
                                                                                                                                                                                                                                                      • Opcode ID: 5f51f82b13c9bd552a6fd62ffe8e1b844a9672a50e7c5217f7ce951aef1ce8e6
                                                                                                                                                                                                                                                      • Instruction ID: f7d5c4fc0b6014081fbcbf4fcafb39274e80f3463fe538a5bb21027c57625f0e
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5f51f82b13c9bd552a6fd62ffe8e1b844a9672a50e7c5217f7ce951aef1ce8e6
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9541D232A00204AFCF24DF79C881A9EB7E5EF89714F1555ACE619FB391D631AD01DB81
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • GetCursorPos.USER32(?), ref: 00E79141
                                                                                                                                                                                                                                                      • ScreenToClient.USER32(00000000,?), ref: 00E7915E
                                                                                                                                                                                                                                                      • GetAsyncKeyState.USER32(00000001), ref: 00E79183
                                                                                                                                                                                                                                                      • GetAsyncKeyState.USER32(00000002), ref: 00E7919D
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: AsyncState$ClientCursorScreen
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 4210589936-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • GetInputState.USER32 ref: 00ED38CB
                                                                                                                                                                                                                                                      • TranslateAcceleratorW.USER32(?,00000000,?), ref: 00ED3922
                                                                                                                                                                                                                                                      • TranslateMessage.USER32(?), ref: 00ED394B
                                                                                                                                                                                                                                                      • DispatchMessageW.USER32(?), ref: 00ED3955
                                                                                                                                                                                                                                                      • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00ED3966
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Message$Translate$AcceleratorDispatchInputPeekState
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 2256411358-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • InternetQueryDataAvailable.WININET(?,?,00000000,00000000,00000000,?,00000000,?,?,?,00EDC21E,00000000), ref: 00EDCF38
                                                                                                                                                                                                                                                      • InternetReadFile.WININET(?,00000000,?,?), ref: 00EDCF6F
                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,00000000,?,?,?,00EDC21E,00000000), ref: 00EDCFB4
                                                                                                                                                                                                                                                      • SetEvent.KERNEL32(?,?,00000000,?,?,?,00EDC21E,00000000), ref: 00EDCFC8
                                                                                                                                                                                                                                                      • SetEvent.KERNEL32(?,?,00000000,?,?,?,00EDC21E,00000000), ref: 00EDCFF2
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: EventInternet$AvailableDataErrorFileLastQueryRead
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3191363074-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • GetWindowRect.USER32(?,?), ref: 00EC1915
                                                                                                                                                                                                                                                      • PostMessageW.USER32(00000001,00000201,00000001), ref: 00EC19C1
                                                                                                                                                                                                                                                      • Sleep.KERNEL32(00000000,?,?,?), ref: 00EC19C9
                                                                                                                                                                                                                                                      • PostMessageW.USER32(00000001,00000202,00000000), ref: 00EC19DA
                                                                                                                                                                                                                                                      • Sleep.KERNEL32(00000000,?,?,?,?), ref: 00EC19E2
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: MessagePostSleep$RectWindow
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3382505437-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001053,000000FF,?), ref: 00EF5745
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001074,?,00000001), ref: 00EF579D
                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 00EF57AF
                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 00EF57BA
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001002,00000000,?), ref: 00EF5816
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: MessageSend$_wcslen
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 763830540-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • IsWindow.USER32(00000000), ref: 00EE0951
                                                                                                                                                                                                                                                      • GetForegroundWindow.USER32 ref: 00EE0968
                                                                                                                                                                                                                                                      • GetDC.USER32(00000000), ref: 00EE09A4
                                                                                                                                                                                                                                                      • GetPixel.GDI32(00000000,?,00000003), ref: 00EE09B0
                                                                                                                                                                                                                                                      • ReleaseDC.USER32(00000000,00000003), ref: 00EE09E8
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Window$ForegroundPixelRelease
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 4156661090-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • GetEnvironmentStringsW.KERNEL32 ref: 00E9CDC6
                                                                                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00E9CDE9
                                                                                                                                                                                                                                                        • Part of subcall function 00E93820: RtlAllocateHeap.NTDLL(00000000,?,00F31444,?,00E7FDF5,?,?,00E6A976,00000010,00F31440,00E613FC,?,00E613C6,?,00E61129), ref: 00E93852
                                                                                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 00E9CE0F
                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00E9CE22
                                                                                                                                                                                                                                                      • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00E9CE31
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 336800556-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00E79693
                                                                                                                                                                                                                                                      • SelectObject.GDI32(?,00000000), ref: 00E796A2
                                                                                                                                                                                                                                                      • BeginPath.GDI32(?), ref: 00E796B9
                                                                                                                                                                                                                                                      • SelectObject.GDI32(?,00000000), ref: 00E796E2
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: ObjectSelect$BeginCreatePath
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3225163088-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: _memcmp
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 2931989736-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,00E8F2DE,00E93863,00F31444,?,00E7FDF5,?,?,00E6A976,00000010,00F31440,00E613FC,?,00E613C6), ref: 00E92DFD
                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00E92E32
                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00E92E59
                                                                                                                                                                                                                                                      • SetLastError.KERNEL32(00000000,00E61129), ref: 00E92E66
                                                                                                                                                                                                                                                      • SetLastError.KERNEL32(00000000,00E61129), ref: 00E92E6F
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: ErrorLast$_free
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3170660625-0
                                                                                                                                                                                                                                                      • Opcode ID: 403e666e212a1778012d0e7894ece18e02ed072be2cbd6e6535b6e45e01a913b
                                                                                                                                                                                                                                                      • Instruction ID: c8312ebfa9fd5ff42cffcdb1036bf936df51e07540f0eb6ba482281f52a3d036
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 403e666e212a1778012d0e7894ece18e02ed072be2cbd6e6535b6e45e01a913b
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B901F4326056047BCE1367356CC6D6B26DDAFC17B9B31602DFA25B22D2EE608C0651A0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,00EBFF41,80070057,?,?,?,00EC035E), ref: 00EC002B
                                                                                                                                                                                                                                                      • ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00EBFF41,80070057,?,?), ref: 00EC0046
                                                                                                                                                                                                                                                      • lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00EBFF41,80070057,?,?), ref: 00EC0054
                                                                                                                                                                                                                                                      • CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00EBFF41,80070057,?), ref: 00EC0064
                                                                                                                                                                                                                                                      • CLSIDFromString.OLE32(?,?,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00EBFF41,80070057,?,?), ref: 00EC0070
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: From$Prog$FreeStringTasklstrcmpi
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3897988419-0
                                                                                                                                                                                                                                                      • Opcode ID: 1f58be2a8132a93a27cdd5b8485dfc50998dd78c33a609dfdf3d485088dab6b3
                                                                                                                                                                                                                                                      • Instruction ID: a496e9e3cd4329dde93c921f4c2c4bd80d41a01723ef4ea7dfc14ce2a7016be7
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1f58be2a8132a93a27cdd5b8485dfc50998dd78c33a609dfdf3d485088dab6b3
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9601DF72600208FFDB114F69DE05FAA7AADEB84791F215428F801F2210D772DD05DBA0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • QueryPerformanceCounter.KERNEL32(?), ref: 00ECE997
                                                                                                                                                                                                                                                      • QueryPerformanceFrequency.KERNEL32(?), ref: 00ECE9A5
                                                                                                                                                                                                                                                      • Sleep.KERNEL32(00000000), ref: 00ECE9AD
                                                                                                                                                                                                                                                      • QueryPerformanceCounter.KERNEL32(?), ref: 00ECE9B7
                                                                                                                                                                                                                                                      • Sleep.KERNEL32 ref: 00ECE9F3
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: PerformanceQuery$CounterSleep$Frequency
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 2833360925-0
                                                                                                                                                                                                                                                      • Opcode ID: 2bd5b240bc005c8a275d2197bcecec8d060cbbc4ca5483f8fb4dfaac5d63e8da
                                                                                                                                                                                                                                                      • Instruction ID: 467930aa26d82d128afddbd263ea3d5115217415d49cb8ea01eb8b89ee0c6e5c
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2bd5b240bc005c8a275d2197bcecec8d060cbbc4ca5483f8fb4dfaac5d63e8da
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D3016D31C0162DDBCF049FE5DE59AEDBB78FF89300F10158AE502B2240CB319556C7A1
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00EC1114
                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,00000000,00000000,?,?,00EC0B9B,?,?,?), ref: 00EC1120
                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00EC0B9B,?,?,?), ref: 00EC112F
                                                                                                                                                                                                                                                      • HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00EC0B9B,?,?,?), ref: 00EC1136
                                                                                                                                                                                                                                                      • GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00EC114D
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: HeapObjectSecurityUser$AllocErrorLastProcess
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 842720411-0
                                                                                                                                                                                                                                                      • Opcode ID: 0ce3f8a4752707fd2081b83e51107e3ceeef69e5499d3b1e34eb59a8cbdf001f
                                                                                                                                                                                                                                                      • Instruction ID: 231c4ee0c2163b1cea8e3a5b9520e794fec630631428976a9276a69f64a17c7d
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0ce3f8a4752707fd2081b83e51107e3ceeef69e5499d3b1e34eb59a8cbdf001f
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F5016975201209BFDB115FA6DD49E6A3B6EEFCA3A4B340459FA41E3360DB31DC51CA60
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00EC0FCA
                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00EC0FD6
                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00EC0FE5
                                                                                                                                                                                                                                                      • HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00EC0FEC
                                                                                                                                                                                                                                                      • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00EC1002
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 44706859-0
                                                                                                                                                                                                                                                      • Opcode ID: 1b954b639bb84bf3cfdd56d3415b974d16d92867838df4071d68d24392d2ac5d
                                                                                                                                                                                                                                                      • Instruction ID: 6a486f90515e12332f28fc2d43ef4521342ba6aef7e8165717a3ab9784cfc410
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1b954b639bb84bf3cfdd56d3415b974d16d92867838df4071d68d24392d2ac5d
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 03F0AF35201305AFD7210FA59E4AF663B6EEFCA761F300459F905E6251CA31DC51CA60
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 00EC102A
                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00EC1036
                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00EC1045
                                                                                                                                                                                                                                                      • HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 00EC104C
                                                                                                                                                                                                                                                      • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00EC1062
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 44706859-0
                                                                                                                                                                                                                                                      • Opcode ID: a7f82df0f50b1eb00d35c050de2b37756d93ecb520ccb99062dc2a031277e500
                                                                                                                                                                                                                                                      • Instruction ID: 3e00dd7b7c26b1f53bcf0bd32ea1ee5641ecb842323e9011dd830d2f08afb384
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a7f82df0f50b1eb00d35c050de2b37756d93ecb520ccb99062dc2a031277e500
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 12F0AF35201305AFD7211FA5EE4AF6A3B6DEFCA7A1F300414F905E6251CA31D851DA60
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?,?,?,?,00ED017D,?,00ED32FC,?,00000001,00EA2592,?), ref: 00ED0324
                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?,?,?,?,00ED017D,?,00ED32FC,?,00000001,00EA2592,?), ref: 00ED0331
                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?,?,?,?,00ED017D,?,00ED32FC,?,00000001,00EA2592,?), ref: 00ED033E
                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?,?,?,?,00ED017D,?,00ED32FC,?,00000001,00EA2592,?), ref: 00ED034B
                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?,?,?,?,00ED017D,?,00ED32FC,?,00000001,00EA2592,?), ref: 00ED0358
                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?,?,?,?,00ED017D,?,00ED32FC,?,00000001,00EA2592,?), ref: 00ED0365
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: CloseHandle
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 2962429428-0
                                                                                                                                                                                                                                                      • Opcode ID: fc3deaa4cc0e1b237c00bde58e0b949952eead2eace10897f7ae48cc37775bc1
                                                                                                                                                                                                                                                      • Instruction ID: 7228ca28a64f9a640affce0a8dafbd5d3901a01d2e063867d5000b6f4ca1fc35
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: fc3deaa4cc0e1b237c00bde58e0b949952eead2eace10897f7ae48cc37775bc1
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5E01E272800B058FC7309F66D880812F7F5FF503193199A3FD19262A30C3B0A959CF80
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00E9D752
                                                                                                                                                                                                                                                        • Part of subcall function 00E929C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00E9D7D1,00000000,00000000,00000000,00000000,?,00E9D7F8,00000000,00000007,00000000,?,00E9DBF5,00000000), ref: 00E929DE
                                                                                                                                                                                                                                                        • Part of subcall function 00E929C8: GetLastError.KERNEL32(00000000,?,00E9D7D1,00000000,00000000,00000000,00000000,?,00E9D7F8,00000000,00000007,00000000,?,00E9DBF5,00000000,00000000), ref: 00E929F0
                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00E9D764
                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00E9D776
                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00E9D788
                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00E9D79A
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 776569668-0
                                                                                                                                                                                                                                                      • Opcode ID: a5a7b9d36e294cd68e9cab3ea7c4285c455833f524312fbbcb742789857a2703
                                                                                                                                                                                                                                                      • Instruction ID: 744843ef7eb222b73f8281533018c5b1ab703863466f7e48e03744e1d9e0bb45
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a5a7b9d36e294cd68e9cab3ea7c4285c455833f524312fbbcb742789857a2703
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 59F0FF32548218BB8E21EBA4FDC5C5A7BDDBB447147A4280AF14CF7501C720FC8086E4
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • GetDlgItem.USER32(?,000003E9), ref: 00EC5C58
                                                                                                                                                                                                                                                      • GetWindowTextW.USER32(00000000,?,00000100), ref: 00EC5C6F
                                                                                                                                                                                                                                                      • MessageBeep.USER32(00000000), ref: 00EC5C87
                                                                                                                                                                                                                                                      • KillTimer.USER32(?,0000040A), ref: 00EC5CA3
                                                                                                                                                                                                                                                      • EndDialog.USER32(?,00000001), ref: 00EC5CBD
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: BeepDialogItemKillMessageTextTimerWindow
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3741023627-0
                                                                                                                                                                                                                                                      • Opcode ID: 7d45c7dbd2a039f34e9c98aa4bf7b3ad7f56e4ea25c7a2b19e3df437af7fb275
                                                                                                                                                                                                                                                      • Instruction ID: da67cb889e0d782839e7e5e1ddb45ca9702fdc53de64782526420bdd78fbae62
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7d45c7dbd2a039f34e9c98aa4bf7b3ad7f56e4ea25c7a2b19e3df437af7fb275
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: FD016231500B08AFEB205B11DF4EFA6B7B8BB40B05F15155DA593B10E1DBF1B989CA90
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00E922BE
                                                                                                                                                                                                                                                        • Part of subcall function 00E929C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00E9D7D1,00000000,00000000,00000000,00000000,?,00E9D7F8,00000000,00000007,00000000,?,00E9DBF5,00000000), ref: 00E929DE
                                                                                                                                                                                                                                                        • Part of subcall function 00E929C8: GetLastError.KERNEL32(00000000,?,00E9D7D1,00000000,00000000,00000000,00000000,?,00E9D7F8,00000000,00000007,00000000,?,00E9DBF5,00000000,00000000), ref: 00E929F0
                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00E922D0
                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00E922E3
                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00E922F4
                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00E92305
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
• Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 776569668-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • EndPath.GDI32(?), ref: 00E795D4
                                                                                                                                                                                                                                                      • StrokeAndFillPath.GDI32(?,?,00EB71F7,00000000,?,?,?), ref: 00E795F0
                                                                                                                                                                                                                                                      • SelectObject.GDI32(?,00000000), ref: 00E79603
                                                                                                                                                                                                                                                      • DeleteObject.GDI32 ref: 00E79616
                                                                                                                                                                                                                                                      • StrokePath.GDI32(?), ref: 00E79631
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
• Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Path$ObjectStroke$DeleteFillSelect
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 2625713937-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
• Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: __freea$_free
                                                                                                                                                                                                                                                      • String ID: a/p$am/pm
                                                                                                                                                                                                                                                      • API String ID: 3432400110-3206640213
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
• Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                      • String ID: JO
                                                                                                                                                                                                                                                      • API String ID: 0-1663374661
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,00000002,00000000,?,?,?,00000000,?,?,?,?), ref: 00E98B6E
                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,00000000,?,?,?,?,?,?,?,?,00000000,00001000,?), ref: 00E98B7A
                                                                                                                                                                                                                                                      • __dosmaperr.LIBCMT ref: 00E98B81
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
• Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: ByteCharErrorLastMultiWide__dosmaperr
                                                                                                                                                                                                                                                      • String ID: .
                                                                                                                                                                                                                                                      • API String ID: 2434981716-3963672497
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 00ECB403: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00EC21D0,?,?,00000034,00000800,?,00000034), ref: 00ECB42D
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001104,00000000,00000000), ref: 00EC2760
                                                                                                                                                                                                                                                        • Part of subcall function 00ECB3CE: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00EC21FF,?,?,00000800,?,00001073,00000000,?,?), ref: 00ECB3F8
                                                                                                                                                                                                                                                        • Part of subcall function 00ECB32A: GetWindowThreadProcessId.USER32(?,?), ref: 00ECB355
                                                                                                                                                                                                                                                        • Part of subcall function 00ECB32A: OpenProcess.KERNEL32(00000438,00000000,?,?,?,00EC2194,00000034,?,?,00001004,00000000,00000000), ref: 00ECB365
                                                                                                                                                                                                                                                        • Part of subcall function 00ECB32A: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,00EC2194,00000034,?,?,00001004,00000000,00000000), ref: 00ECB37B
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00EC27CD
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00EC281A
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
                                                                                                                                                                                                                                                      • String ID: @
                                                                                                                                                                                                                                                      • API String ID: 4150878124-2766056989
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\file.exe,00000104), ref: 00E91769
                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00E91834
                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00E9183E
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: _free$FileModuleName
                                                                                                                                                                                                                                                      • String ID: C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                                                                      • API String ID: 2506810119-1957095476
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 00ECC306
                                                                                                                                                                                                                                                      • DeleteMenu.USER32(?,00000007,00000000), ref: 00ECC34C
                                                                                                                                                                                                                                                      • DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,00F31990,01045590), ref: 00ECC395
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Menu$Delete$InfoItem
                                                                                                                                                                                                                                                      • String ID: 0
                                                                                                                                                                                                                                                      • API String ID: 135850232-4108050209
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,00EFCC08,00000000,?,?,?,?), ref: 00EF44AA
                                                                                                                                                                                                                                                      • GetWindowLongW.USER32 ref: 00EF44C7
                                                                                                                                                                                                                                                      • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00EF44D7
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Window$Long
                                                                                                                                                                                                                                                      • String ID: SysTreeView32
                                                                                                                                                                                                                                                      • API String ID: 847901565-1698111956
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • SysReAllocString.OLEAUT32(?,?), ref: 00EC6EED
                                                                                                                                                                                                                                                      • VariantCopyInd.OLEAUT32(?,?), ref: 00EC6F08
                                                                                                                                                                                                                                                      • VariantClear.OLEAUT32(?), ref: 00EC6F12
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Variant$AllocClearCopyString
                                                                                                                                                                                                                                                      • String ID: *j
                                                                                                                                                                                                                                                      • API String ID: 2173805711-1845181700
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 00EE335B: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,00EE3077,?,?), ref: 00EE3378
                                                                                                                                                                                                                                                      • inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00EE307A
                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 00EE309B
                                                                                                                                                                                                                                                      • htons.WSOCK32(00000000,?,?,00000000), ref: 00EE3106
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: ByteCharMultiWide_wcslenhtonsinet_addr
                                                                                                                                                                                                                                                      • String ID: 255.255.255.255
                                                                                                                                                                                                                                                      • API String ID: 946324512-2422070025
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00001009,00000000,?), ref: 00EF3F40
                                                                                                                                                                                                                                                      • SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 00EF3F54
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001002,00000000,?), ref: 00EF3F78
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: MessageSend$Window
                                                                                                                                                                                                                                                      • String ID: SysMonthCal32
                                                                                                                                                                                                                                                      • API String ID: 2326795674-1439706946
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000469,?,00000000), ref: 00EF4705
                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 00EF4713
                                                                                                                                                                                                                                                      • DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 00EF471A
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: MessageSend$DestroyWindow
                                                                                                                                                                                                                                                      • String ID: msctls_updown32
                                                                                                                                                                                                                                                      • API String ID: 4014797782-2298589950
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: _wcslen
                                                                                                                                                                                                                                                      • String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
                                                                                                                                                                                                                                                      • API String ID: 176396367-2734436370
APIs
• SendMessageW.USER32(00000000,00000180,00000000,?), ref: 00EF3840
• SendMessageW.USER32(?,00000186,00000000,00000000), ref: 00EF3850
• MoveWindow.USER32(00000000,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 00EF3876
Strings
Memory Dump Source
• Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
• Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e60000_file.jbxd
Similarity
• API ID: MessageSend$MoveWindow
• String ID: Listbox
• API String ID: 3315199576-2633736733
APIs
• SetErrorMode.KERNEL32(00000001), ref: 00ED4A08
• GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 00ED4A5C
• SetErrorMode.KERNEL32(00000000,?,?,00EFCC08), ref: 00ED4AD0
Strings
Memory Dump Source
• Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
• Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e60000_file.jbxd
Similarity
• API ID: ErrorMode$InformationVolume
• String ID: %lu
• API String ID: 2507767853-685833217
APIs
• SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 00EF424F
• SendMessageW.USER32(?,00000406,00000000,00640000), ref: 00EF4264
• SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00EF4271
Strings
Memory Dump Source
• Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
• Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e60000_file.jbxd
Similarity
• API ID: MessageSend
• String ID: msctls_trackbar32
• API String ID: 3850602802-1010561917
APIs
  • Part of subcall function 00E66B57: _wcslen.LIBCMT ref: 00E66B6A
  • Part of subcall function 00EC2DA7: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00EC2DC5
  • Part of subcall function 00EC2DA7: GetWindowThreadProcessId.USER32(?,00000000), ref: 00EC2DD6
  • Part of subcall function 00EC2DA7: GetCurrentThreadId.KERNEL32 ref: 00EC2DDD
  • Part of subcall function 00EC2DA7: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00EC2DE4
• GetFocus.USER32 ref: 00EC2F78
  • Part of subcall function 00EC2DEE: GetParent.USER32(00000000), ref: 00EC2DF9
• GetClassNameW.USER32(?,?,00000100), ref: 00EC2FC3
• EnumChildWindows.USER32(?,00EC303B), ref: 00EC2FEB
Strings
Memory Dump Source
• Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
• Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e60000_file.jbxd
Similarity
• API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows_wcslen
• String ID: %s%d
• API String ID: 1272988791-1110647743
APIs
• GetMenuItemInfoW.USER32(?,?,?,00000030), ref: 00EF58C1
• SetMenuItemInfoW.USER32(?,?,?,00000030), ref: 00EF58EE
• DrawMenuBar.USER32(?), ref: 00EF58FD
Strings
Memory Dump Source
• Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
• Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e60000_file.jbxd
Similarity
• API ID: Menu$InfoItem$Draw
• String ID: 0
• API String ID: 3227129158-4108050209
                                                                                                                                                                                                                                                      • Opcode ID: 21715e14ec3e4ae0c99664dfa5297079520913aef634ef4d165605ad9f280483
                                                                                                                                                                                                                                                      • Instruction ID: d463034ccc4a97fd4018f0004a60ef17c8b46ea4a154187085893c086517634a
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 21715e14ec3e4ae0c99664dfa5297079520913aef634ef4d165605ad9f280483
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 48015E3250021CEEDB219F11DC44BBEBBB4FF85364F208099EA59E6151EB708A84DF21
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,GetSystemWow64DirectoryW), ref: 00EBD3BF
                                                                                                                                                                                                                                                      • FreeLibrary.KERNEL32 ref: 00EBD3E5
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: AddressFreeLibraryProc
                                                                                                                                                                                                                                                      • String ID: GetSystemWow64DirectoryW$X64
                                                                                                                                                                                                                                                      • API String ID: 3013587201-2590602151
                                                                                                                                                                                                                                                      • Opcode ID: 62753dd600b339f3a288fd7be197059f90f89cf1403e5a4a4b9142b463e1b051
                                                                                                                                                                                                                                                      • Instruction ID: d353490d7aa2f8cbe9ed506b6e43104ec5659737e46c145933fbb2b82ab5b72b
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 62753dd600b339f3a288fd7be197059f90f89cf1403e5a4a4b9142b463e1b051
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B0F0553180E66A8BD73112114C249FB3370AF50705B78B578E402F101AFB28CC888292
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                      • Opcode ID: 3a6b3ed5c8f956fb917b0130e621a8ee4ccaf3892b232e87f9c2d4931ac3ac99
                                                                                                                                                                                                                                                      • Instruction ID: 9034c68e8b78b92075d845c3edd4fe7a1c861c1ff1e21bea75af1f21afed90c3
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3a6b3ed5c8f956fb917b0130e621a8ee4ccaf3892b232e87f9c2d4931ac3ac99
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C1C13875A0021AEFDB14CF98C994FAEB7B5FF48304F249598E505AB251D732DD42CB90
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Variant$ClearInitInitializeUninitialize
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 1998397398-0
                                                                                                                                                                                                                                                      • Opcode ID: 339ae863e1c9aa1734ab086d9f5997e5dbd318d8b1a40812f5bc9b28c2fc5689
                                                                                                                                                                                                                                                      • Instruction ID: e870932ecf0b54f003f9f2dc3e4daa309af5546733091012754c2d8573f94a65
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 339ae863e1c9aa1734ab086d9f5997e5dbd318d8b1a40812f5bc9b28c2fc5689
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 05A16A752043059FC700DF29C589A2AB7E5FF88754F14985EF98AAB362DB30EE05CB91
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,00EFFC08,?), ref: 00EC05F0
                                                                                                                                                                                                                                                      • CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,00EFFC08,?), ref: 00EC0608
                                                                                                                                                                                                                                                      • CLSIDFromProgID.OLE32(?,?,00000000,00EFCC40,000000FF,?,00000000,00000800,00000000,?,00EFFC08,?), ref: 00EC062D
                                                                                                                                                                                                                                                      • _memcmp.LIBVCRUNTIME ref: 00EC064E
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: FromProg$FreeTask_memcmp
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 314563124-0
                                                                                                                                                                                                                                                      • Opcode ID: 5e9d3d79dce81bd8d9d72557f1af9e28e48404d3596edd9a16b8a08109846d66
                                                                                                                                                                                                                                                      • Instruction ID: 984f79549d55c471e4ba13af5a69166f3363eec0c9abe60f909b5bd13e475db5
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5e9d3d79dce81bd8d9d72557f1af9e28e48404d3596edd9a16b8a08109846d66
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: DF81E975A00109EFCB04DF94CA84EEEB7B9FF89315F205558E516BB250DB72AE06CB60
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • CreateToolhelp32Snapshot.KERNEL32 ref: 00EEA6AC
                                                                                                                                                                                                                                                      • Process32FirstW.KERNEL32(00000000,?), ref: 00EEA6BA
                                                                                                                                                                                                                                                        • Part of subcall function 00E69CB3: _wcslen.LIBCMT ref: 00E69CBD
                                                                                                                                                                                                                                                      • Process32NextW.KERNEL32(00000000,?), ref: 00EEA79C
                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 00EEA7AB
                                                                                                                                                                                                                                                        • Part of subcall function 00E7CE60: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,00EA3303,?), ref: 00E7CE8A
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32_wcslen
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 1991900642-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: _free
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 269201875-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • GetWindowRect.USER32(?,?), ref: 00EF62E2
                                                                                                                                                                                                                                                      • ScreenToClient.USER32(?,?), ref: 00EF6315
                                                                                                                                                                                                                                                      • MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,?,?,?), ref: 00EF6382
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Window$ClientMoveRectScreen
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3880355969-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • socket.WSOCK32(00000002,00000002,00000011), ref: 00EE1AFD
                                                                                                                                                                                                                                                      • WSAGetLastError.WSOCK32 ref: 00EE1B0B
                                                                                                                                                                                                                                                      • #21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 00EE1B8A
                                                                                                                                                                                                                                                      • WSAGetLastError.WSOCK32 ref: 00EE1B94
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: ErrorLast$socket
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 1881357543-0
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 00ED5783
                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,00000000), ref: 00ED57A9
                                                                                                                                                                                                                                                      • DeleteFileW.KERNEL32(00000002,?,00000000), ref: 00ED57CE
                                                                                                                                                                                                                                                      • CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 00ED57FA
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: CreateHardLink$DeleteErrorFileLast
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3321077145-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(?,00000000,?,?,00000000,00000000,00E882D9,?,00E882D9,?,00000001,?,?,00000001,00E882D9,00E882D9), ref: 00E9D910
                                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00E9D999
                                                                                                                                                                                                                                                      • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 00E9D9AB
                                                                                                                                                                                                                                                      • __freea.LIBCMT ref: 00E9D9B4
                                                                                                                                                                                                                                                        • Part of subcall function 00E93820: RtlAllocateHeap.NTDLL(00000000,?,00F31444,?,00E7FDF5,?,?,00E6A976,00000010,00F31440,00E613FC,?,00E613C6,?,00E61129), ref: 00E93852
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 2652629310-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001024,00000000,?), ref: 00EF5352
                                                                                                                                                                                                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 00EF5375
                                                                                                                                                                                                                                                      • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00EF5382
                                                                                                                                                                                                                                                      • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 00EF53A8
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: LongWindow$InvalidateMessageRectSend
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3340791633-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • GetKeyboardState.USER32(?,75C0C0D0,?,00008000), ref: 00ECABF1
                                                                                                                                                                                                                                                      • SetKeyboardState.USER32(00000080,?,00008000), ref: 00ECAC0D
                                                                                                                                                                                                                                                      • PostMessageW.USER32(00000000,00000101,00000000), ref: 00ECAC74
                                                                                                                                                                                                                                                      • SendInput.USER32(00000001,?,0000001C,75C0C0D0,?,00008000), ref: 00ECACC6
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: KeyboardState$InputMessagePostSend
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 432972143-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • ClientToScreen.USER32(?,?), ref: 00EF769A
                                                                                                                                                                                                                                                      • GetWindowRect.USER32(?,?), ref: 00EF7710
                                                                                                                                                                                                                                                      • PtInRect.USER32(?,?,00EF8B89), ref: 00EF7720
                                                                                                                                                                                                                                                      • MessageBeep.USER32(00000000), ref: 00EF778C
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Rect$BeepClientMessageScreenWindow
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 1352109105-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • GetForegroundWindow.USER32 ref: 00EF16EB
                                                                                                                                                                                                                                                        • Part of subcall function 00EC3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00EC3A57
                                                                                                                                                                                                                                                        • Part of subcall function 00EC3A3D: GetCurrentThreadId.KERNEL32 ref: 00EC3A5E
                                                                                                                                                                                                                                                        • Part of subcall function 00EC3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00EC25B3), ref: 00EC3A65
                                                                                                                                                                                                                                                      • GetCaretPos.USER32(?), ref: 00EF16FF
                                                                                                                                                                                                                                                      • ClientToScreen.USER32(00000000,?), ref: 00EF174C
                                                                                                                                                                                                                                                      • GetForegroundWindow.USER32 ref: 00EF1752
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
• Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 2759813231-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 00E67620: _wcslen.LIBCMT ref: 00E67625
                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 00ECDFCB
                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 00ECDFE2
                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 00ECE00D
                                                                                                                                                                                                                                                      • GetTextExtentPoint32W.GDI32(?,00000000,00000000,?), ref: 00ECE018
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: _wcslen$ExtentPoint32Text
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3763101759-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 00E79BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00E79BB2
                                                                                                                                                                                                                                                      • GetCursorPos.USER32(?), ref: 00EF9001
                                                                                                                                                                                                                                                      • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,00EB7711,?,?,?,?,?), ref: 00EF9016
                                                                                                                                                                                                                                                      • GetCursorPos.USER32(?), ref: 00EF905E
                                                                                                                                                                                                                                                      • DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,00EB7711,?,?,?), ref: 00EF9094
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Cursor$LongMenuPopupProcTrackWindow
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 2864067406-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • GetFileAttributesW.KERNEL32(?,00EFCB68), ref: 00ECD2FB
                                                                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 00ECD30A
                                                                                                                                                                                                                                                      • CreateDirectoryW.KERNEL32(?,00000000), ref: 00ECD319
                                                                                                                                                                                                                                                      • CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,00EFCB68), ref: 00ECD376
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: CreateDirectory$AttributesErrorFileLast
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 2267087916-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 00EC1014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 00EC102A
                                                                                                                                                                                                                                                        • Part of subcall function 00EC1014: GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00EC1036
                                                                                                                                                                                                                                                        • Part of subcall function 00EC1014: GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00EC1045
                                                                                                                                                                                                                                                        • Part of subcall function 00EC1014: HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 00EC104C
                                                                                                                                                                                                                                                        • Part of subcall function 00EC1014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00EC1062
                                                                                                                                                                                                                                                      • LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 00EC15BE
                                                                                                                                                                                                                                                      • _memcmp.LIBVCRUNTIME ref: 00EC15E1
                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00EC1617
                                                                                                                                                                                                                                                      • HeapFree.KERNEL32(00000000), ref: 00EC161E
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Heap$InformationProcessToken$AllocErrorFreeLastLookupPrivilegeValue_memcmp
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 1592001646-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • GetWindowLongW.USER32(?,000000EC), ref: 00EF280A
                                                                                                                                                                                                                                                      • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00EF2824
                                                                                                                                                                                                                                                      • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00EF2832
                                                                                                                                                                                                                                                      • SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 00EF2840
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Window$Long$AttributesLayered
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 2169480361-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 00EC8D7D: lstrlenW.KERNEL32(?,00000002,000000FF,?,?,?,00EC790A,?,000000FF,?,00EC8754,00000000,?,0000001C,?,?), ref: 00EC8D8C
                                                                                                                                                                                                                                                        • Part of subcall function 00EC8D7D: lstrcpyW.KERNEL32(00000000,?,?,00EC790A,?,000000FF,?,00EC8754,00000000,?,0000001C,?,?,00000000), ref: 00EC8DB2
                                                                                                                                                                                                                                                        • Part of subcall function 00EC8D7D: lstrcmpiW.KERNEL32(00000000,?,00EC790A,?,000000FF,?,00EC8754,00000000,?,0000001C,?,?), ref: 00EC8DE3
                                                                                                                                                                                                                                                      • lstrlenW.KERNEL32(?,00000002,000000FF,?,000000FF,?,00EC8754,00000000,?,0000001C,?,?,00000000), ref: 00EC7923
                                                                                                                                                                                                                                                      • lstrcpyW.KERNEL32(00000000,?,?,00EC8754,00000000,?,0000001C,?,?,00000000), ref: 00EC7949
                                                                                                                                                                                                                                                      • lstrcmpiW.KERNEL32(00000002,cdecl,?,00EC8754,00000000,?,0000001C,?,?,00000000), ref: 00EC7984
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: lstrcmpilstrcpylstrlen
                                                                                                                                                                                                                                                      • String ID: cdecl
                                                                                                                                                                                                                                                      • API String ID: 4031866154-3896280584
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 00EF7D0B
                                                                                                                                                                                                                                                      • SetWindowLongW.USER32(00000000,000000F0,?), ref: 00EF7D2A
                                                                                                                                                                                                                                                      • SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 00EF7D42
                                                                                                                                                                                                                                                      • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,00EDB7AD,00000000), ref: 00EF7D6B
                                                                                                                                                                                                                                                        • Part of subcall function 00E79BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00E79BB2
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Window$Long
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 847901565-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001060,?,00000004), ref: 00EF56BB
                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 00EF56CD
                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 00EF56D8
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001002,00000000,?), ref: 00EF5816
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: MessageSend_wcslen
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 455545452-0
Memory Dump Source
• Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
• Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e60000_file.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
APIs
• SendMessageW.USER32(?,000000B0,?,?), ref: 00EC1A47
• SendMessageW.USER32(?,000000C9,?,00000000), ref: 00EC1A59
• SendMessageW.USER32(?,000000C9,?,00000000), ref: 00EC1A6F
• SendMessageW.USER32(?,000000C9,?,00000000), ref: 00EC1A8A
Memory Dump Source
• Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
• Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e60000_file.jbxd
Similarity
• API ID: MessageSend
• String ID:
• API String ID: 3850602802-0
APIs
• GetCurrentThreadId.KERNEL32 ref: 00ECE1FD
• MessageBoxW.USER32(?,?,?,?), ref: 00ECE230
• WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 00ECE246
• CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00ECE24D
Memory Dump Source
• Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
• Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e60000_file.jbxd
Similarity
• API ID: CloseCurrentHandleMessageObjectSingleThreadWait
• String ID:
• API String ID: 2880819207-0
APIs
• CreateThread.KERNEL32(00000000,?,00E8CFF9,00000000,00000004,00000000), ref: 00E8D218
• GetLastError.KERNEL32 ref: 00E8D224
• __dosmaperr.LIBCMT ref: 00E8D22B
• ResumeThread.KERNEL32(00000000), ref: 00E8D249
Memory Dump Source
• Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
• Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e60000_file.jbxd
Similarity
• API ID: Thread$CreateErrorLastResume__dosmaperr
• String ID:
• API String ID: 173952441-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 00E79BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00E79BB2
                                                                                                                                                                                                                                                      • GetClientRect.USER32(?,?), ref: 00EF9F31
                                                                                                                                                                                                                                                      • GetCursorPos.USER32(?), ref: 00EF9F3B
                                                                                                                                                                                                                                                      • ScreenToClient.USER32(?,?), ref: 00EF9F46
                                                                                                                                                                                                                                                      • DefDlgProcW.USER32(?,00000020,?,00000000,?,?,?), ref: 00EF9F7A
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Client$CursorLongProcRectScreenWindow
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00E6604C
                                                                                                                                                                                                                                                      • GetStockObject.GDI32(00000011), ref: 00E66060
                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000030,00000000), ref: 00E6606A
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: CreateMessageObjectSendStockWindow
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • ___BuildCatchObject.LIBVCRUNTIME ref: 00E83B56
                                                                                                                                                                                                                                                        • Part of subcall function 00E83AA3: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 00E83AD2
                                                                                                                                                                                                                                                        • Part of subcall function 00E83AA3: ___AdjustPointer.LIBCMT ref: 00E83AED
                                                                                                                                                                                                                                                      • _UnwindNestedFrames.LIBCMT ref: 00E83B6B
                                                                                                                                                                                                                                                      • __FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 00E83B7C
                                                                                                                                                                                                                                                      • CallCatchBlock.LIBVCRUNTIME ref: 00E83BA4
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,00E613C6,00000000,00000000,?,00E9301A,00E613C6,00000000,00000000,00000000,?,00E9328B,00000006,FlsSetValue), ref: 00E930A5
                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,00E9301A,00E613C6,00000000,00000000,00000000,?,00E9328B,00000006,FlsSetValue,00F02290,FlsSetValue,00000000,00000364,?,00E92E46), ref: 00E930B1
                                                                                                                                                                                                                                                      • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,00E9301A,00E613C6,00000000,00000000,00000000,?,00E9328B,00000006,FlsSetValue,00F02290,FlsSetValue,00000000), ref: 00E930BF
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • GetModuleFileNameW.KERNEL32(?,?,00000104,00000000), ref: 00EC747F
                                                                                                                                                                                                                                                      • LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 00EC7497
                                                                                                                                                                                                                                                      • RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 00EC74AC
                                                                                                                                                                                                                                                      • RegisterTypeLibForUser.OLEAUT32(?,?,00000000), ref: 00EC74CA
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Type$Register$FileLoadModuleNameUser
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,00ECACD3,?,00008000), ref: 00ECB0C4
                                                                                                                                                                                                                                                      • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,00ECACD3,?,00008000), ref: 00ECB0E9
                                                                                                                                                                                                                                                      • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,00ECACD3,?,00008000), ref: 00ECB0F3
                                                                                                                                                                                                                                                      • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,00ECACD3,?,00008000), ref: 00ECB126
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: CounterPerformanceQuerySleep
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 2875609808-0
                                                                                                                                                                                                                                                      • Opcode ID: fe46abf3e55da658b5fccea143b4e18980a2f57b3a1def19fc3bdf9a31ff6eb3
                                                                                                                                                                                                                                                      • Instruction ID: 98141121cf50c4028a809f5c71d8ca38f8e182c8dc1d787194fe6f66c7f3a402
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: fe46abf3e55da658b5fccea143b4e18980a2f57b3a1def19fc3bdf9a31ff6eb3
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C9112A31C0251CEBCF049FA5DA5ABEEBB78FF49711F205089D941B2181CB315552CB52
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • GetWindowRect.USER32(?,?), ref: 00EF7E33
                                                                                                                                                                                                                                                      • ScreenToClient.USER32(?,?), ref: 00EF7E4B
                                                                                                                                                                                                                                                      • ScreenToClient.USER32(?,?), ref: 00EF7E6F
                                                                                                                                                                                                                                                      • InvalidateRect.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00EF7E8A
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: ClientRectScreen$InvalidateWindow
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 357397906-0
                                                                                                                                                                                                                                                      • Opcode ID: 97f2378979fd75269a60841b4749b9d7f893771a231bdad25fc90b597cf2a1e2
                                                                                                                                                                                                                                                      • Instruction ID: 973ec7d558bd7d6a1d3b9cb5f95736b590c6556552e23bf803a40f99e411d9ae
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 97f2378979fd75269a60841b4749b9d7f893771a231bdad25fc90b597cf2a1e2
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 821143B9D0420EAFDB41DFA9C9849EEBBF5FB48310F505066E915E2210D735AA54CF50
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00EC2DC5
                                                                                                                                                                                                                                                      • GetWindowThreadProcessId.USER32(?,00000000), ref: 00EC2DD6
                                                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 00EC2DDD
                                                                                                                                                                                                                                                      • AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00EC2DE4
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 2710830443-0
                                                                                                                                                                                                                                                      • Opcode ID: 1d4459fe1154616ea893395003d9d9a5cec17f220092eba942bbabab168ceb76
                                                                                                                                                                                                                                                      • Instruction ID: f7f28e72d71f3113a223d21d2b6911e351a18e8a461193fa78a921b54334a41f
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1d4459fe1154616ea893395003d9d9a5cec17f220092eba942bbabab168ceb76
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2FE06D711052287BD7201B639E0DFFB3E6CEF92FA1F61101DB206F10809AA18985C6B0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 00E79639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00E79693
                                                                                                                                                                                                                                                        • Part of subcall function 00E79639: SelectObject.GDI32(?,00000000), ref: 00E796A2
                                                                                                                                                                                                                                                        • Part of subcall function 00E79639: BeginPath.GDI32(?), ref: 00E796B9
                                                                                                                                                                                                                                                        • Part of subcall function 00E79639: SelectObject.GDI32(?,00000000), ref: 00E796E2
                                                                                                                                                                                                                                                      • MoveToEx.GDI32(?,00000000,00000000,00000000), ref: 00EF8887
                                                                                                                                                                                                                                                      • LineTo.GDI32(?,?,?), ref: 00EF8894
                                                                                                                                                                                                                                                      • EndPath.GDI32(?), ref: 00EF88A4
                                                                                                                                                                                                                                                      • StrokePath.GDI32(?), ref: 00EF88B2
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 1539411459-0
                                                                                                                                                                                                                                                      • Opcode ID: d17b62a5f251a68c38a9f4c6e0f0fac8f743f409d6928eb8804123875a42330b
                                                                                                                                                                                                                                                      • Instruction ID: 93d3a766fd58ae21300e2eb041ae76b697ada62aa03bc91f46ca6781f867ca5e
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d17b62a5f251a68c38a9f4c6e0f0fac8f743f409d6928eb8804123875a42330b
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 58F09A3600225CBADB125F95AD09FEA3E69AF46324F608000FA01710E2CB740525DBE5
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • GetSysColor.USER32(00000008), ref: 00E798CC
                                                                                                                                                                                                                                                      • SetTextColor.GDI32(?,?), ref: 00E798D6
                                                                                                                                                                                                                                                      • SetBkMode.GDI32(?,00000001), ref: 00E798E9
                                                                                                                                                                                                                                                      • GetStockObject.GDI32(00000005), ref: 00E798F1
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Color$ModeObjectStockText
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 4037423528-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • GetCurrentThread.KERNEL32 ref: 00EC1634
                                                                                                                                                                                                                                                      • OpenThreadToken.ADVAPI32(00000000,?,?,?,00EC11D9), ref: 00EC163B
                                                                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32(00000028,?,?,?,?,00EC11D9), ref: 00EC1648
                                                                                                                                                                                                                                                      • OpenProcessToken.ADVAPI32(00000000,?,?,?,00EC11D9), ref: 00EC164F
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
• Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: CurrentOpenProcessThreadToken
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3974789173-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • GetDesktopWindow.USER32 ref: 00EBD858
                                                                                                                                                                                                                                                      • GetDC.USER32(00000000), ref: 00EBD862
                                                                                                                                                                                                                                                      • GetDeviceCaps.GDI32(00000000,0000000C), ref: 00EBD882
                                                                                                                                                                                                                                                      • ReleaseDC.USER32(?), ref: 00EBD8A3
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 2889604237-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • GetDesktopWindow.USER32 ref: 00EBD86C
                                                                                                                                                                                                                                                      • GetDC.USER32(00000000), ref: 00EBD876
                                                                                                                                                                                                                                                      • GetDeviceCaps.GDI32(00000000,0000000C), ref: 00EBD882
                                                                                                                                                                                                                                                      • ReleaseDC.USER32(?), ref: 00EBD8A3
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 2889604237-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 00E67620: _wcslen.LIBCMT ref: 00E67625
                                                                                                                                                                                                                                                      • WNetUseConnectionW.MPR(00000000,?,0000002A,00000000,?,?,0000002A,?), ref: 00ED4ED4
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Connection_wcslen
                                                                                                                                                                                                                                                      • String ID: *$LPT
                                                                                                                                                                                                                                                      • API String ID: 1725874428-3443410124
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • __startOneArgErrorHandling.LIBCMT ref: 00E8E30D
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: ErrorHandling__start
                                                                                                                                                                                                                                                      • String ID: pow
                                                                                                                                                                                                                                                      • API String ID: 3213639722-2276729525
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                      • String ID: #
                                                                                                                                                                                                                                                      • API String ID: 0-1885708031
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • Sleep.KERNEL32(00000000), ref: 00E7F2A2
                                                                                                                                                                                                                                                      • GlobalMemoryStatusEx.KERNEL32(?), ref: 00E7F2BB
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: GlobalMemorySleepStatus
                                                                                                                                                                                                                                                      • String ID: @
                                                                                                                                                                                                                                                      • API String ID: 2783356886-2766056989
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • CharUpperBuffW.USER32(?,?,?,00000003,?,?), ref: 00EE57E0
                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 00EE57EC
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: BuffCharUpper_wcslen
                                                                                                                                                                                                                                                      • String ID: CALLARGARRAY
                                                                                                                                                                                                                                                      • API String ID: 157775604-1150593374
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 00EDD130
                                                                                                                                                                                                                                                      • InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 00EDD13A
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: CrackInternet_wcslen
                                                                                                                                                                                                                                                      • String ID: |
                                                                                                                                                                                                                                                      • API String ID: 596671847-2343686810
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • DestroyWindow.USER32(?,?,?,?), ref: 00EF3621
                                                                                                                                                                                                                                                      • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 00EF365C
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Window$DestroyMove
                                                                                                                                                                                                                                                      • String ID: static
                                                                                                                                                                                                                                                      • API String ID: 2139405536-2160076837
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000027,00001132,00000000,?), ref: 00EF461F
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00EF4634
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: MessageSend
                                                                                                                                                                                                                                                      • String ID: '
                                                                                                                                                                                                                                                      • API String ID: 3850602802-1997036262
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 00EF327C
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00EF3287
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: MessageSend
                                                                                                                                                                                                                                                      • String ID: Combobox
                                                                                                                                                                                                                                                      • API String ID: 3850602802-2096851135
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 00E6600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00E6604C
                                                                                                                                                                                                                                                        • Part of subcall function 00E6600E: GetStockObject.GDI32(00000011), ref: 00E66060
                                                                                                                                                                                                                                                        • Part of subcall function 00E6600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 00E6606A
                                                                                                                                                                                                                                                      • GetWindowRect.USER32(00000000,?), ref: 00EF377A
                                                                                                                                                                                                                                                      • GetSysColor.USER32(00000012), ref: 00EF3794
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Window$ColorCreateMessageObjectRectSendStock
                                                                                                                                                                                                                                                      • String ID: static
                                                                                                                                                                                                                                                      • API String ID: 1983116058-2160076837
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 00EDCD7D
                                                                                                                                                                                                                                                      • InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 00EDCDA6
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Internet$OpenOption
                                                                                                                                                                                                                                                      • String ID: <local>
                                                                                                                                                                                                                                                      • API String ID: 942729171-4266983199
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • GetWindowTextLengthW.USER32(00000000), ref: 00EF34AB
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 00EF34BA
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: LengthMessageSendTextWindow
                                                                                                                                                                                                                                                      • String ID: edit
                                                                                                                                                                                                                                                      • API String ID: 2978978980-2167791130
                                                                                                                                                                                                                                                      • Opcode ID: a4ee1d4c8636ca2e2f9f368000ffafb0fc5b10fb7d0d1721cf881ed7c73cc29a
                                                                                                                                                                                                                                                      • Instruction ID: 9a1767c435b1e6c8f9381c82731f272ddf34ca17aac8b2198941ba9b2ee7aa64
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a4ee1d4c8636ca2e2f9f368000ffafb0fc5b10fb7d0d1721cf881ed7c73cc29a
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 76116D7110020CAEEB218E74DC44AFA37AAEB45778F606724FA71A31D0C771DC519B60
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 00E69CB3: _wcslen.LIBCMT ref: 00E69CBD
                                                                                                                                                                                                                                                      • CharUpperBuffW.USER32(?,?,?), ref: 00EC6CB6
                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 00EC6CC2
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: _wcslen$BuffCharUpper
                                                                                                                                                                                                                                                      • String ID: STOP
                                                                                                                                                                                                                                                      • API String ID: 1256254125-2411985666
                                                                                                                                                                                                                                                      • Opcode ID: 4c886c675ecd49685b588706942f3e5dee338da04ce9222d328fda14fedc3d1e
                                                                                                                                                                                                                                                      • Instruction ID: 60582c35400b001204d237ab5a6b927f040ca487d4a991860ac57a18327d5f1b
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4c886c675ecd49685b588706942f3e5dee338da04ce9222d328fda14fedc3d1e
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F601C8326005278BCB20AFBDDE80EBF77F5EB61754710192CE462B7195EA32D941C650
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 00E69CB3: _wcslen.LIBCMT ref: 00E69CBD
                                                                                                                                                                                                                                                        • Part of subcall function 00EC3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00EC3CCA
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,000001A2,000000FF,?), ref: 00EC1D4C
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                      • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                      • API String ID: 624084870-1403004172
                                                                                                                                                                                                                                                      • Opcode ID: 1f7395703b4154546ffe1b0af1e82fb603f3bca7a7a741d4694a0c7deeeeec17
                                                                                                                                                                                                                                                      • Instruction ID: 68a69fd382bb3088b557367f25a1e1f6517706412c33c45404e7bef005e9cbd4
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1f7395703b4154546ffe1b0af1e82fb603f3bca7a7a741d4694a0c7deeeeec17
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 63012D716401146BCB08EBA0DE11DFE77A8EB53390B10190DF823772C2EA31991DD661
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 00E69CB3: _wcslen.LIBCMT ref: 00E69CBD
                                                                                                                                                                                                                                                        • Part of subcall function 00EC3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00EC3CCA
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000180,00000000,?), ref: 00EC1C46
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                      • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                      • API String ID: 624084870-1403004172
                                                                                                                                                                                                                                                      • Opcode ID: 99612bab837aa8ac9d17d9341680d38b8509a346ba691b4a7aa579153a577886
                                                                                                                                                                                                                                                      • Instruction ID: 46f254f4d269d76f0282dab2789c3f89ea740bbff60df24026901d6f1e98f285
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 99612bab837aa8ac9d17d9341680d38b8509a346ba691b4a7aa579153a577886
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A501887568110467CB08E7A0DB51FFFB7EC9B52780F14105DB40677283EA359A1DE672
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 00E69CB3: _wcslen.LIBCMT ref: 00E69CBD
                                                                                                                                                                                                                                                        • Part of subcall function 00EC3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00EC3CCA
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000182,?,00000000), ref: 00EC1CC8
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                      • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                      • API String ID: 624084870-1403004172
                                                                                                                                                                                                                                                      • Opcode ID: cbe51e55f77727ee382b73e4e23dfdf93af37b4cf0b7bfe29edbbed514ff385b
                                                                                                                                                                                                                                                      • Instruction ID: ce8776ae50046f7ca2dae322f17e2e61fbc834590dcde0a3ca9e507b085e2048
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: cbe51e55f77727ee382b73e4e23dfdf93af37b4cf0b7bfe29edbbed514ff385b
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A901A77168011867CB08E7A0DB11FFEB3EC9B12780F242019B80173283EA369F1AD672
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 00E69CB3: _wcslen.LIBCMT ref: 00E69CBD
                                                                                                                                                                                                                                                        • Part of subcall function 00EC3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00EC3CCA
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000018B,00000000,00000000), ref: 00EC1DD3
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                      • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                      • API String ID: 624084870-1403004172
                                                                                                                                                                                                                                                      • Opcode ID: c3e281c329159c50047a5806c60e229f95893cc85c13c36bd48abec7ddbeb9ed
                                                                                                                                                                                                                                                      • Instruction ID: f8601b9c9676d67fdb609aa2c80a2d7a82eb4994bb52fb4d5824666e2465d4eb
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c3e281c329159c50047a5806c60e229f95893cc85c13c36bd48abec7ddbeb9ed
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 70F0F971A4021467C704F7A4DE51FFEB7ACAB02790F141919B422732C3DA71991D8271
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: _wcslen
                                                                                                                                                                                                                                                      • String ID: 3, 3, 16, 1
                                                                                                                                                                                                                                                      • API String ID: 176396367-3042988571
                                                                                                                                                                                                                                                      • Opcode ID: b1489c2e7390d7975fd3b016dcd48b2e892eec923d87a438afa90ca4dd976d14
                                                                                                                                                                                                                                                      • Instruction ID: fff57d82c5a48ef1bcab021d8c5cae2741583c27254abbf4e3337451a71458b8
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b1489c2e7390d7975fd3b016dcd48b2e892eec923d87a438afa90ca4dd976d14
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 37E02B42205362109331327BACC197F5AC9CFC9750710382BF9DDF22E6EA94CD9193A1
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 00EC0B23
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Message
                                                                                                                                                                                                                                                      • String ID: AutoIt$Error allocating memory.
                                                                                                                                                                                                                                                      • API String ID: 2030045667-4017498283
                                                                                                                                                                                                                                                      • Opcode ID: 7ce3a887d2444bbc2b9851309cbc75331bd8a2b012a9d86ab4a9970db6a84524
                                                                                                                                                                                                                                                      • Instruction ID: 433498443dc57f445583d4c0372d79334014cafce7216932cd78b5900b997839
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7ce3a887d2444bbc2b9851309cbc75331bd8a2b012a9d86ab4a9970db6a84524
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8CE0D83128431C2AD21036957D03F997AC4CF05F60F30542BF75CB54C38AE2649087E9
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 00E7F7C9: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,00E80D71,?,?,?,00E6100A), ref: 00E7F7CE
                                                                                                                                                                                                                                                      • IsDebuggerPresent.KERNEL32(?,?,?,00E6100A), ref: 00E80D75
                                                                                                                                                                                                                                                      • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,00E6100A), ref: 00E80D84
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00E80D7F
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString
                                                                                                                                                                                                                                                      • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                                                                                                                                                                                      • API String ID: 55579361-631824599
                                                                                                                                                                                                                                                      • Opcode ID: b609f9239e3c20e20ccb513182ed5a6f3d576f1ccd60a581a9f2dc429ba2fbfb
                                                                                                                                                                                                                                                      • Instruction ID: e68328a383d090033efc70fd351b1dd060854c515e535712f059fcac0a0d85b1
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b609f9239e3c20e20ccb513182ed5a6f3d576f1ccd60a581a9f2dc429ba2fbfb
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 90E06D702007118FE3A0AFB9E5043527BE4AF40754F10992DE48EE66A1DBB0E448CB91
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • GetTempPathW.KERNEL32(00000104,?,00000001), ref: 00ED302F
                                                                                                                                                                                                                                                      • GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 00ED3044
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Temp$FileNamePath
                                                                                                                                                                                                                                                      • String ID: aut
                                                                                                                                                                                                                                                      • API String ID: 3285503233-3010740371
                                                                                                                                                                                                                                                      • Opcode ID: c4912a55b55b5952b94e5ecab6115a060ff772058f46286b0bbb90af3ef082ce
                                                                                                                                                                                                                                                      • Instruction ID: a9ec6038ae60b77e78e4963c78355a2357255921f0d738319cf12c50770f1c86
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c4912a55b55b5952b94e5ecab6115a060ff772058f46286b0bbb90af3ef082ce
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8DD05B71500328ABDA209795AD0DFD73A6CD744750F1001517655E20A1DAB4D548CAD0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: LocalTime
                                                                                                                                                                                                                                                      • String ID: %.3d$X64
                                                                                                                                                                                                                                                      • API String ID: 481472006-1077770165
                                                                                                                                                                                                                                                      • Opcode ID: 84bfe9d92bfe89372cb14b194af0cabfd3f0ad0b06f5a7774b916e410f7c34e2
                                                                                                                                                                                                                                                      • Instruction ID: 738b074474c6c66fb57f9ecac541c6bec4f6089ea6a85407b0b556cc54b86092
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 84bfe9d92bfe89372cb14b194af0cabfd3f0ad0b06f5a7774b916e410f7c34e2
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 72D01271C0D158E9CB5096D0DC458FBB3BCEB48301F60A462F90AB1060F624C908AB61
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00EF236C
                                                                                                                                                                                                                                                      • PostMessageW.USER32(00000000), ref: 00EF2373
                                                                                                                                                                                                                                                        • Part of subcall function 00ECE97B: Sleep.KERNEL32 ref: 00ECE9F3
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: FindMessagePostSleepWindow
                                                                                                                                                                                                                                                      • String ID: Shell_TrayWnd
                                                                                                                                                                                                                                                      • API String ID: 529655941-2988720461
                                                                                                                                                                                                                                                      • Opcode ID: 65d9589d0e18342e70bfa2f8faeb5cf5ea67cc5131dcb1af1e59042199ef2067
                                                                                                                                                                                                                                                      • Instruction ID: 20dfa903c509f8f041db51c1c829566853baa92b9443e5fa380ce4f3f57ac645
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 65d9589d0e18342e70bfa2f8faeb5cf5ea67cc5131dcb1af1e59042199ef2067
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D8D0A9323803107AE264A331AD0FFC666149B80B00F2009167201FA1D0C8B0A805CA05
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00EF232C
                                                                                                                                                                                                                                                      • PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 00EF233F
                                                                                                                                                                                                                                                        • Part of subcall function 00ECE97B: Sleep.KERNEL32 ref: 00ECE9F3
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: FindMessagePostSleepWindow
                                                                                                                                                                                                                                                      • String ID: Shell_TrayWnd
                                                                                                                                                                                                                                                      • API String ID: 529655941-2988720461
                                                                                                                                                                                                                                                      • Opcode ID: 92e8dff85e1a78924278bc6dbe77d923f1c83d2b9af1ec3c893bc37e26470a92
                                                                                                                                                                                                                                                      • Instruction ID: 4babdb658e45ae115ea9a7fc0ac4bc19ee8047d130ca5af95f474d7d84535741
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 92e8dff85e1a78924278bc6dbe77d923f1c83d2b9af1ec3c893bc37e26470a92
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 30D02232384310BBE264B331ED0FFD67A149B80B00F2009167305FA1D0C8F0A805CA00
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(?,00000009,?,00000000,00000000,?,?,?,00000000,?,?,?,?,?,00000000,?), ref: 00E9BE93
                                                                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 00E9BEA1
                                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00E9BEFC
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1772502219.0000000000E61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772478220.0000000000E60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000EFC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772657988.0000000000F22000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772720766.0000000000F2C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1772748565.0000000000F34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e60000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: ByteCharMultiWide$ErrorLast
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 1717984340-0
                                                                                                                                                                                                                                                      • Opcode ID: f63307a895b039d90631045b57bae02a262c41af14b4f05ad9f55c9924cf188f
                                                                                                                                                                                                                                                      • Instruction ID: 3ca102dbad09f69ad41849d1107957297942cd0c0e6d365429192c96eb4c8d25
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f63307a895b039d90631045b57bae02a262c41af14b4f05ad9f55c9924cf188f
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F341D43470020AAFCF219F65EE44ABE7BA9EF41714F246169F959B71A1DB308D01CB50

                                                                                                                                                                                                                                                      Execution Graph

                                                                                                                                                                                                                                                      Execution Coverage:0.4%
                                                                                                                                                                                                                                                      Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                      Signature Coverage:100%
                                                                                                                                                                                                                                                      Total number of Nodes:6
                                                                                                                                                                                                                                                      Total number of Limit Nodes:0
                                                                                                                                                                                                                                                      execution_graph 5000 229034f7037 5001 229034f7047 NtQuerySystemInformation 5000->5001 5002 229034f6fe4 5001->5002 5003 22903514272 5004 229035142c9 NtQuerySystemInformation 5003->5004 5005 22903512644 5003->5005 5004->5005

                                                                                                                                                                                                                                                      Callgraph

                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000010.00000002.2971046048.0000022903512000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000022903512000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_16_2_22903512000_firefox.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: InformationQuerySystem
                                                                                                                                                                                                                                                      • String ID: #$#$#$4$>$>$>$A$z$z
                                                                                                                                                                                                                                                      • API String ID: 3562636166-3072146587
                                                                                                                                                                                                                                                      • Opcode ID: a7beeb6ed6d4bd1c13836e24e4a4bf8602c8d7752103ee20adf8d6ea9f6b849f
                                                                                                                                                                                                                                                      • Instruction ID: 11948b3109d3d6568745b4661c19aabe9e6cb82d20819e121cffd95683f81023
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a7beeb6ed6d4bd1c13836e24e4a4bf8602c8d7752103ee20adf8d6ea9f6b849f
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A1A3D631618A4D8BDB2EDF68DC856A973E9FB98300F14422ED84BC7255DF34EA4287C5

                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                      control_flow_graph 2850 2290314a1c2-2290314a903 2852 2290314a907-2290314a909 2850->2852 2853 2290314a95f-2290314a991 2852->2853 2854 2290314a90b-2290314a942 2852->2854 2854->2853
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000010.00000002.2969869850.0000022903149000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000022903149000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_16_2_22903149000_firefox.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • Opcode ID: 30138b142d9332b4d727908a52c65033e7ae8232672b50f36ef02faccfce70e8
                                                                                                                                                                                                                                                      • Instruction ID: 9652afd588338fda4fe1e26fbeec38a240fa01f0e60fdd1d0d72ed3e5b19fae0
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 30138b142d9332b4d727908a52c65033e7ae8232672b50f36ef02faccfce70e8
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A321A13150CB8C4FD746DF28C844A56BBE0FF6A310F1506AFE089C72A2E634D9458782